CN1697374A - Method for sanding and receiving cipher data, device for distributing and receiving cipher data - Google Patents
Method for sanding and receiving cipher data, device for distributing and receiving cipher data Download PDFInfo
- Publication number
- CN1697374A CN1697374A CN 200410038228 CN200410038228A CN1697374A CN 1697374 A CN1697374 A CN 1697374A CN 200410038228 CN200410038228 CN 200410038228 CN 200410038228 A CN200410038228 A CN 200410038228A CN 1697374 A CN1697374 A CN 1697374A
- Authority
- CN
- China
- Prior art keywords
- key data
- public key
- public
- distributed
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
Party of sanding cipher key data generates first cipher key data including first public key data and first private key data, and second cipher key data including second public key data and second private key data. Encrypting transform is carried out for first public key data by using second private key data so as to obtain first distribution cipher key data. Encrypting transform is carried out for second public key data by using first private key data so as to obtain second distribution cipher key data. The said first distribution cipher key data and second distribution cipher key data are sent to party of receiving cipher key data. Meanwhile, one from first public key data and second public key data is selected to send to party of receiving cipher key data. The invention reduces complexity of cipher key distribution step in cipher key management procedure, and raises difficulty of cipher key data to be attacked in procedure of distributing cipher key.
Description
Technical field
The present invention relates to information security field, relate in particular to a kind of key data receiving/transmission method and device thereof.
Background technology
Key management is the key link in the secret key safety system, and wherein the whole life of cipher key management procedures can comprise following process:
The key registration, network node obtains by safety measure or creates the initial key material, authorizes the member for one that becomes security domain;
Key is created, and network node produces by oneself or obtain key material from the trusted system assembly of KMC, wherein generally comprises key data and corresponding algorithm information etc. in the key material;
Key storage, the key material that network node obtains are stored in the corresponding medium such as the hard disk, ROM equipment, chip card, hardware token of self;
The key data that key distribution, network node obtain sends to the process of other network nodes respectively, and wherein the key distribution process must guarantee the integrality and the confidentiality of key data;
The key material that cipher key backup, network node obtain carries out storage backup once more on independent, safe storage medium, with as the follow-up data source that is provided for the key recovery process;
Key updating, network node uses new key material to replace the primary key material that is using before key material termination life cycle;
Private key log-off, in a single day network node needs that no longer key data and self are kept related, just can nullify key data, removes the offical record of all key materials;
Cipher key destruction, network node is destroyed the key material of all storages and backup;
Key recovery leaks (situation of having forgotten password as the hardware fault or the user of network node) if key material is lost, network node can recover key data by the backup keys material in the cipher key backup process.
And at present, in the various key management modes that prior art exists, its key distribution process is mainly taked following dual mode:
1) Diffie-Hellman key distribution mechanism (hereinafter to be referred as the DH key distribution)
Illustrate the principle of DH key distribution:
Suppose that two network nodes that need carry out key distribution and exchange are respectively A and B, network node A produces the key data X of self in the key constructive process
A, network node B produces the key data X of self in the key constructive process
B
Network node A is to key data X
ACarry out Montgomery Algorithm, obtain the distributed key data Y
A, wherein
Network node B is to key data X
BCarry out Montgomery Algorithm, obtain the distributed key data Y
B, wherein
Prime number q and integer a are the prior known parameters of network node A and B both sides in wherein top two formulas;
Network node A and B are respectively with the distributed key data Y
AAnd Y
BBe distributed to the other side, network node A will obtain the distributed key data Y like this
B, network node B will obtain the distributed key data Y
A
Network node A and B carry out following computing respectively subsequently:
Prove K through mathematical derivation
A=K
BThus, network node A and B both sides have just set up mutual cipher key shared data, have finished the purpose of key distribution.
To sum up, the DH key distribution can realize any two network nodes on unsafe transmission medium, realize safety key distribution and cipher key change, its network node carries out the algorithm of cryptographic calculation to key data validity mainly depends on the difficulty of calculating discrete logarithm in calculating process, promptly Montgomery Algorithm is relatively easy in the process of key data being carried out cryptographic calculation, but the process of calculating discrete logarithm is difficult relatively more; For the situation of big prime number, under the prior art condition, it has been generally acknowledged that it is calculated discrete logarithm is infeasible especially.
The DH key distribution is applicable to real-time dynamic key distribution simultaneously, and key data after its encryption and key data algorithm do not need to transmit simultaneously.
2) key distribution of root key protection mechanism
Key data provider and key data requesting party agreement in advance share group key data, and defining these group key data is root key.In the key data request process, after the key data provider adopts root key that the key data of actual transmissions is carried out encryption, send to the key data requesting party again, the key data requesting party adopts this root key that the encryption key data that receives is implemented to obtain key data after the decryption processing.
Therefore, in the above-mentioned cipher key distribution scheme, need carry out safekeeping, generally root key need be stored in (as smart card) in certain secure storage medium root key based on the root key protection mechanism.
In the key distribution process that realizes by software program; for guaranteeing the safe transmission of confidential information (as authorization message); the confidential information transmit leg need be implemented digital signature or encipherment protection to confidential information, and digital signature or encipherment protection process just are to use key data Key confidential information to be carried out the process of encryption.Guaranteeing that software program does not rely on key data that equipment is provided and realizes under the prerequisite of independent operating like this, key data should divide with the cryptographic algorithm information of software program setting and sends out, the key data distribution procedure of this moment is not just finished by real-time ways of distribution, therefore can not use the cryptographic key distribution method of DH key distribution mechanism.
If set up root key KeyRoot for each network node in advance simultaneously; adopt root key KeyRoot to remove to encrypt the key data Key that is used to protect confidential information; then face the protection problem of root key KeyRoot equally; for the cipher key distribution scheme that realizes by software program; the protection problem of this root key KeyRoot is the same substantially with the problem character of protection key data Key; can adopt the hardware smart card to come storage root key KeyRoot, but strengthen the difficulty of key management system security deployment like this.
Summary of the invention
The technical problem to be solved in the present invention is to propose a kind of key data receiving/transmission method and key data dispensing device and receiving system, so that in the cipher key distribution scheme that realizes by software program, reduce the complexity of key distribution link in the cipher key management procedures, and improve in the key distribution process key by difficulty of attacking.
For addressing the above problem, the present invention proposes a kind of key data receiving/transmission method, comprise step:
The key data transmit leg generates first key data that comprises first public key data and first private key data and second key data that comprises second public key data and second private key data;
With described second private key data first public key data is carried out enciphering transformation, obtain the first distributed key data; And
With described first private key data second public key data is carried out enciphering transformation, obtain the second distributed key data;
The described first distributed key data and the second distributed key data are sent to the key data recipient receive, one of them that select first public key data and second public key data simultaneously sends to the key data recipient and receives.
Described method also comprises step:
The key data recipient is decrypted conversion with first public key data that receives to the second distributed key data, obtains second public key data; And
Second public key data that obtains with deciphering is decrypted conversion to the first distributed key data, obtains first public key data;
Whether with first public key data that receive consistent, if confirm that described first public key data is the available key data if relatively deciphering first public key data that obtains; Otherwise confirm that described first public key data is unavailable key data.
Described method also comprises step:
The key data recipient is decrypted conversion with second public key data that receives to the first distributed key data, obtains first public key data; And
First public key data that obtains with deciphering is decrypted conversion to the second distributed key data, obtains second public key data;
Whether with second public key data that receive consistent, if confirm that described second public key data is the available key data if relatively deciphering second public key data that obtains; Otherwise confirm that described second public key data is unavailable key data.
Wherein saidly with private key data public key data is carried out enciphering transformation, the process that obtains corresponding distributed key data comprises:
Public key data is converted to binary form;
The binary form of public key data is divided into isometric block form;
Respectively encryption is carried out in each grouping of public key data with private key data;
By the set of integers cooperation that grouping constituted after each encryption is the distributed key data.
Wherein saidly with public key data the distributed key data are decrypted conversion, the process that obtains another public key data comprises:
Respectively each grouping that constitutes the distributed key data is decrypted processing with public key data;
All groupings after the decryption processing are merged processing, recover original public key data.
Accordingly, the invention allows for a kind of key data dispensing device, comprising:
The key data generation unit is used to generate the key data that comprises public key data and private key data;
The enciphering transformation unit is used to use the private key data of a key data that the public key data of another key data is carried out enciphering transformation, obtains corresponding distributed key data;
The key data transmitting element is used to send distributed key data and public key data.
Wherein said enciphering transformation unit further comprises:
The Binary Conversion subelement is used for public key data is converted to binary form;
The packet transaction subelement is used for the binary form of public key data is divided into isometric block form;
The encryption subelement is used to use private key data respectively encryption to be carried out in each grouping of public key data;
The integer set forms subelement, and being used for all groupings after the encryption are constituted a set of integers cooperation is the distributed key data.
Accordingly, the invention allows for a kind of key data receiving system, comprising:
The key data receiving element is used to receive distributed key data and public key data;
The deciphering converter unit, the data that are used to use public-key are decrypted conversion to the distributed key data, obtain the public key data with distributed key data correspondence;
The public key data comparing unit is used for relatively deciphering the consistency between the public key data of the public key data that obtains and reception.
Wherein said deciphering converter unit further comprises:
The decryption processing subelement, the data that are used to use public-key are decrypted processing to each grouping that constitutes the distributed key data respectively;
Grouping merges subelement, is used for all groupings after the distributed key data decryption processing are merged processing, recovers the public key data with distributed key data correspondence.
The beneficial effect that the present invention can reach:
The present invention is in the key distribution link, between two key datas, use the private key data in each key data respectively the other side's public key data to be encrypted respectively, obtain corresponding distributed key data, again the distributed key data that obtain and the public key data of one of them key data are sent.Like this, in cipher key transmitting process, when the key stealer attempts attack or steals key, to find the public key data and the distributed key data of plaintext transmission respectively, also to find corresponding enciphering transformation algorithm information, could can obtain two public key data through twice deciphering conversion process, thereby the cipher key attacks difficulty is strengthened, and it is also bigger to attack the resource overhead that needs.Based on cipher key delivery mechanism of the present invention, need not consider the safe storage problem of root key simultaneously, reduce the management complexity of key distribution link in the cipher key management procedures.
Description of drawings
Fig. 1 is the enciphering transformation process chart of key data receiving/transmission method of the present invention;
Fig. 2 is the deciphering conversion process flow chart of key data receiving/transmission method of the present invention;
Fig. 3 is the composition structural representation that key data sends part in the key data dispensing device of the present invention;
Fig. 4 is the composition structural representation of key data receiving unit in the key data receiving system of the present invention;
Fig. 5 is the further composition structural representation of enciphering transformation unit in the key data dispensing device of the present invention;
Fig. 6 is the further composition structural representation of deciphering converter unit in the key data receiving system of the present invention.
Embodiment
In the modern key management system, the fail safe of key data is the key link of safeguards system safety.For ensureing the confidentiality and integrity of key data in distribution procedure; the replacement and the attack of opposing key data; in the cipher key distribution scheme that realizes by the pure software design; key data receiving/transmission method of the present invention and key data dispensing device thereof and receiving system are taked to realize to the mode in user's distribution algorithms storehouse here, integrated cryptographic key protection algorithm and relevant key data in algorithms library.
Key receiving/transmission method of the present invention and key data dispensing device thereof and receiving system are after carrying out enciphering transformation by corresponding cryptographic key protection algorithm to relevant key data; the ciphering process that sends again mainly adopts and produces two key datas, the other side's public key data is carried out enciphering transformation and the distributed key data that obtain correspondence send with the private key data that comprises in each key data.Cryptographic key distribution method of the present invention is at first described below.
With reference to Fig. 1, this figure is the enciphering transformation process chart of key data receiving/transmission method of the present invention; Wherein that key data is carried out the processing procedure that sends again behind the enciphering transformation is as follows for the key data transmit leg:
Step S10 is to step S20, network node as the key data transmit leg at first generates two key datas, be defined as first key data and second key data respectively, wherein key data adopts the unsymmetrical key system, then first key data comprises that the data of a public key data and a private key data are right, is defined as first public key data and first private key data of this first key data; In like manner, also comprise second public key data and second private key data in second key data.
Step S30, use second private key data that is produced that first public key data is carried out enciphering transformation, obtain the first corresponding distributed key data, wherein the algorithm of enciphering transformation use can be selected as the case may be, carries out the enciphering transformation operation as adopting unsymmetrical key system RSA Algorithm.
Step S40 continues to use first private key data that is produced that second public key data is carried out enciphering transformation, obtains the second corresponding distributed key data.
Step S50, first distributed key data of step S30 generation and the second distributed key data of step S40 generation are sent respectively, select first public key data of generation and one of them of second public key data to send simultaneously, promptly select to send first public key data or select to send second public key data.Wherein the data that sent can be integrated in and concentrate transmission in the key algorithm, and promptly the network node as the key data transmit leg generates an algorithms library, is integrated with secret key cryptographic algorithm and relevant key data in this algorithms library.
The recipient who receives key data also will decipher conversion process accordingly for obtaining original key data, and with reference to Fig. 2, this figure is the deciphering conversion process flow chart of key data receiving/transmission method of the present invention; Here the key data that sends with the key data transmit leg is except that the first distributed key data and the second distributed key data, also sending first public key data simultaneously is that example describes, and wherein the processing procedure that receives after these key datas as key data recipient's network node is as follows:
Step S60, as key data recipient's network node by calling the algorithms library that the corresponding interface function call receives, the first distributed key data that obtain comprising in the algorithms library, the second distributed key data and first public key data and algorithm information thereof, and the second distributed key data are decrypted conversion with first public key data, by with first public key data to the second distributed key data decryption conversion process, will obtain second public key data;
Step S70 carries out the deciphering conversion process of same way as with second public key data that obtains of deciphering among the step S60 to the first distributed key data that receive, and will obtain first public key data;
Step S80, whether first public key data that receives among first public key data that obtains of deciphering and the step S60 among the comparison step S70 is consistent, if go to step S90, otherwise go to step S100;
Step S90 shows that first public key data that receives among the step S60 is the available key data, proves that key data does not suffer to replace attack in the distribution transmission course;
Step S100; show that first public key data that receives among the step S60 is unavailable key data; the proof key data may suffer stealer's replacement attack in the distribution transmission course, the key data of this moment may leak, so be unfavorable for the safeguard protection of fileinfo.
In addition, when the key data recipient received the first distributed key data, the second distributed key data and second public key data, it deciphered conversion process with above-mentioned process, for:
With second public key data that receives the first distributed key data are decrypted conversion, obtain first public key data; And
First public key data that obtains with deciphering is decrypted conversion to the second distributed key data, obtains second public key data;
Whether with second public key data that receive consistent, if described second public key data is the available key data, key data does not suffer to replace in the distribution transmission course and attacks if relatively deciphering second public key data that obtains; Otherwise described second public key data is unavailable key data, and key data may suffer stealer's replacement attack in the distribution transmission course.
Wherein above-mentionedly public key data is carried out enciphering transformation, obtains corresponding distributed key data and can specifically take following enciphering transformation mode with private key data:
Public key data is converted to binary form;
The binary form of public key data is divided into isometric block form;
Respectively encryption is carried out in each grouping of public key data with private key data;
By the set of integers cooperation that grouping constituted after each encryption is the distributed key data.
Accordingly, above-mentionedly the distributed key data are decrypted conversion, obtain another public key data and can specifically take following deciphering mapping mode with public key data:
Respectively each grouping that constitutes the distributed key data is decrypted processing with public key data;
All groupings after the decryption processing are merged processing, recover original public key data.
Be example with the asymmetric cryptosystem RSA Algorithm below, illustrate the detailed process process of cryptographic key distribution method of the present invention, specific as follows:
Wherein in the asymmetric cryptosystem of class RSA Algorithm, one group of complete key data comprises that public/private keys data are right, and key data has good symmetry.
Below be example with the RSA Algorithm, suppose that the definition clear packets is M, ciphertext block is C, public key data be (e, n), private key data be (d, n);
N is the product of two prime number p and q, and p and q produce by privately owned procedure Selection, and promptly p and q are can not disclosed data;
φ (n) is an Euler's function, its expression be no more than n and with the number of the coprime integer of n;
E is the integer of being chosen out by open option program, and promptly e be can disclosed data, wherein e satisfy gcd (φ (n), e)=1,1<e<φ (n), gcd () is for asking the function of greatest common divisor, so such e and φ (n) are coprime in the following formula;
E and d satisfy formula ed ≡ 1mod φ (n).(expression ed and 1 mould φ (n) congruence).
According to above-mentioned parameter setting, then have following encryption, deciphering transform operation to handle:
Cryptographic calculation: C=M
eModn,---(1)
Decrypt operation: M=C
dModn=(M
e)
dModn=M
EdModn=M modn---(2)
Wherein the derivation of relational expression (2) is to draw according to the mathematical proof that Euler's theorem provides.
(1) and (2) formula embodied the class RSA Algorithm and had good symmetry, public key data can should bear mutually respectively with private key data that cryptographic calculation is handled and the deciphering calculation process.
And in key data transmitting-receiving scheme of the present invention, use the private key data that comprises in the key data to carry out cryptographic calculation, use the public key data that comprises in the key data to be decrypted computing (and in the above-mentioned calculating process based on the prior art RSA Algorithm, the cryptographic calculation General Definition is to be participated in implementing by disclosed public key data, and the private key data that the decrypt operation General Definition is served as reasons secret participates in implementing, in cipher key distribution scheme of the present invention is described, here changed public key data and private key data in the cryptographic calculation process and the decrypt operation process in enforcing location, the reason of its foundation be because the class RSA Algorithm have good symmetry).
Like this, based on the RSA Algorithm of above-mentioned prior art, illustrate the concrete processing procedure of key data receiving/transmission method of the present invention:
The key data of initiating at each key data requesting party obtains request, the key data provider produces two couples of key data Kc and Kp for each user simultaneously, wherein key data Kc comprises public key data PubKc (KcE, KcN) and private key data PriKc (KcD, KcN), key data Kp comprise public key data PubKp (KpE, KpN) and private key data PriKp (KpD, KpN);
The key provider needs to use the rsa encryption conversion program that key data is carried out following enciphering transformation and handles before user program distribution public key data PubKc and PubKp:
F1 (PubKp, PriKc, Randoml)---〉S_PubKp, and wherein the effect of function F 1 () is to utilize private key data PriKc and random number R andoml that public key data PubKp is transformed to distributed key data S_PubKp, concrete transfer process is as follows,
1) public key data PubKp is converted to the binary form PubKp ' that length is Len, suppose length be the highest significant position of binary form PubKp ' of Len at L1bit, the length that then defines public key data PubKp be L1 (wherein length L 1<Len 〉; And the Cipher Strength of supposing the rsa cryptosystem system here is BlockLen (wherein BlockLen<Len, and guarantee 0=(Len) mod (BlockLen)), then this length BlockLen block length of handling of enciphering transformation just;
2) by BlockLen length to long for the binary form PubKp ' of L1 carries out packet transaction, guarantee integer that each binary packet represents less than KcN, the filling 0 of the high position before the highest significant position of each binary packet front subsequently is to be full of length L en; Wherein, require each integer that divides into groups to represent, by BlockLen a high position is filled 0 to satisfy the block length requirement simultaneously less than KcN for by the binary packet that effective bit formed that highest significant position limited; For BlockLen<Len, and 0=(Len) mod (BlockLen), random number R andom1 is filled in the then grouping that can not fill for effective bit, and the data after guaranteeing simultaneously to fill are less than KcN.
3) this moment PubKp by all binary packet be converted to integer set (PubKp1 ', PubKp2 ', ..., PubKpi '), i=Len/BlockLen wherein, (KcD KcN) carries out the rsa encryption conversion process as encryption key respectively to each integer in the set of this integer, i.e. S_PubKp1 '=(PubKp1 ') wherein with private key data PriKc
KCDModKcN ..., S_PubKpi '=(PubKpi ')
KcDModKcN;
4) and by S_PubKp1 ', S_PubKp2 ' ..., the integer set that S_PubKpi ' constituted (S_PubKp1 ', S_PubKp2 ' ..., S_PubKpi ') just formed distributed key data S_PubKp.
F2 (PubKc, PriKp, Random2)---〉S_PubKc, the effect of function F 2 () is to utilize private key data PriKp and random number R andom2 that public key data PubKc is transformed to distributed key data S_PubKc, process is similar to the above, but should be noted that 3) the encryption link in, need to use among the private key data PriKp (KpD is KpN) as the enciphering transformation key.
After key data transmit leg (being the key data provider) passes through above-mentioned key data encryption again, the distributed key data S_PubKp, the S_PubKc that obtain and public key data PubKc thereof is integrated and be encapsulated in the key data requesting party is provided in the unified algorithms library (being the key data recipient), key request can be to be integrated in algorithms library in the applied environment, and user application has only by integrated algorithms library and calls special interface and could use key data.
It is as follows that key data recipient's key data recovers reduction treatment process:
10) recipient's user program calls the algorithms library interface function, and algorithms library needed to verify and decryption oprerations before using key data; The algorithms library function at first needs to obtain distributed key data S_PubKp, S_PubKc and the public key data PubKc that receives in carrying out decrypting process;
20) at first as decruption key distributed key data S_PubKp is decrypted conversion process with the public key data PubKc that receives, press the RSA Algorithm regulation, S_PubKp be integer combinations (S_PubKp1 ', S_PubKp2 ', ..., S_PubKpi '), the data that use public-key respectively PubKc (KcE, KcN) deciphering map function, i.e. PubKp1 '=(S_PubKp1 ') are carried out in each grouping
KcEMod KcN ..., PubKpi '=(S_PubKpi ')
KcEModKcN, obtain integer combinations (PubKp1, PubKp2 ..., PubKpi)
30) if the pairing class rsa cryptosystem of public key data PubKp system Cipher Strength is BlockLen, then recover to obtain public key data PubKc by the integer representation mode;
40) as decruption key another one distributed key data S_PubKc is decrypted conversion process with the public key data PubKc that recovers to obtain, obtains another public key data PubKc; Wherein decipher conversion process with above-mentioned step 10) to step 30) processing procedure;
50) whether the public key data PubKc of deciphering public key data PubKc that obtains and the plaintext transmission that receives equates comparatively validate step 40), if equate, show that then the key data integrality is not damaged, public key data PubKc can use.
Wherein above-mentioned key data Kc and key data Kp are two couples key datas independent of each other that the key provider produces; in the cryptographic key distribution method of the present invention, its distribution of encrypted calculating process is exactly a key data protection another one key data that utilizes among key data Kc and the Kp.Mathematical characteristics according to class rsa cryptosystem system algorithm, carry out in the decrypt operation process at the user program of key request side, be by calculating the public key data of distributed key data S_PubKp or S_PubKc, and with expressly transmit and be integrated in that corresponding public key data compares in the algorithm routine, judge whether key data is attacked in transmission course.
Under the situation of carrying out key data receiving/transmission method of the present invention, suppose that the actual disclosed public key data that needs to use is PubKc, then only need integrated this public key data PubKc in Chuan Shu the algorithm routine, with the ciphertext distributed key data S_PubKc of this public key data PubKc and the ciphertext distributed key data S_PubKp of public key data PubKp, so just guaranteed the confidentiality of key data.And in recipient's deciphering conversion process, just can guarantee the integrality of key data in distribution procedure.
Key data receiving/transmission method of the present invention is in implementation process, it is bigger that difficulty is implemented in its attack, mainly be because the stealer at first need seek corresponding key data in algorithm routine, and the data structure of definite key data finds the public key data of plaintext transmission simultaneously; Implement key data then and replace attack.Because the key data of actual transmissions is hidden, the resource overhead that initiating this type of attack needs will be huge unusually, thereby provide effective safety guarantee for the key distribution process.
Accordingly, the present invention is the counterpart keys data receiving-transmitting method also, has proposed a kind of key data dispensing device, and the concrete composition of its device is with reference to Fig. 3, and this figure is the composition structural representation that key data sends part in the key data dispensing device of the present invention; It sends in the composition structure partly and comprises key data generation unit 10, enciphering transformation unit 20 and 30 3 parts of key data transmitting element, and the function and the contact of each part are specifically described as follows:
Key data generation unit 10 is used for the key data transmit leg and generates the key data that comprises public key data and private key data;
Enciphering transformation unit 20 is connected with key data generation unit 10 logics, is used to use the private key data of the key data that key data generation unit 10 produces that the public key data of another key data is carried out enciphering transformation, obtains corresponding distributed key data;
Key data transmitting element 30 is connected with enciphering transformation unit 20 logics, is used to send the public key data that distributed key data after the encryption and key data generation unit 10 generate.
With reference to Fig. 4, this figure is the composition structural representation of key data receiving unit in the key data receiving system of the present invention; Comprise key data receiving element 40, deciphering converter unit 50 and 60 3 parts of public key data comparing unit in the composition structure of its receiving unit, the function and the contact of each part are specifically described as follows:
Key data receiving element 40 is used to receive distributed key data and the public key data that the key data transmit leg sends;
Deciphering converter unit 50 is connected with key data receiving element 40 logics, and the public key data that is used to use key data receiving element 40 to receive is decrypted conversion process to the distributed key data, obtains the public key data with distributed key data correspondence;
Public key data comparing unit 60 is connected with deciphering converter unit 50 logics, is used for the consistency between the public key data of public key data that comparison obtains by 50 deciphering of deciphering converter unit and 40 receptions of key data receiving element.If consistent, then key data is not attacked in distribution procedure; If inconsistent, then key data may be attacked in distribution procedure.
Above-mentioned, enciphering transformation unit 20 and deciphering converter unit 30 all include the processing subelement of one deck down again, just can finish the processing function of self unit.
With reference to Fig. 5, this figure is the further composition structural representation of enciphering transformation unit in the key data R-T unit of the present invention; Wherein enciphering transformation unit 20 comprises that further Binary Conversion subelement 21, packet transaction subelement 22, encryption subelement 23 and integer set form subelement 24, and the function of each several part is as follows:
The integer set forms subelement 24, is connected with encryption subelement 23 logics, and being used for all groupings after 23 encryptions of encryption subelement are constituted a set of integers cooperation is the distributed key data.
With reference to Fig. 6, this figure is the further composition structural representation of deciphering converter unit in the key data receiving system of the present invention; Wherein decipher converter unit 50 and comprise that further decryption processing subelement 51 and grouping merge subelement 52, the function of each several part is as follows:
Grouping merges subelement 52, be connected with decryption processing subelement 51 logics, be used for all groupings after the distributed key data decryption processing after handling through decryption processing subelement 51 are merged processing, recover public key data with distributed key data correspondence.
The above only is a preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the technology of the present invention principle; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (9)
1, a kind of key data receiving/transmission method is characterized in that, comprises step:
The key data transmit leg generates first key data that comprises first public key data and first private key data and second key data that comprises second public key data and second private key data;
With described second private key data first public key data is carried out enciphering transformation, obtain the first distributed key data; And
With described first private key data second public key data is carried out enciphering transformation, obtain the second distributed key data;
The described first distributed key data and the second distributed key data are sent to the key data recipient receive, one of them that select first public key data and second public key data simultaneously sends to the key data recipient and receives.
2, key data receiving/transmission method according to claim 1 is characterized in that, also comprises step:
The key data recipient is decrypted conversion with first public key data that receives to the second distributed key data, obtains second public key data; And
Second public key data that obtains with deciphering is decrypted conversion to the first distributed key data, obtains first public key data;
Whether with first public key data that receive consistent, if confirm that described first public key data is the available key data if relatively deciphering first public key data that obtains; Otherwise confirm that described first public key data is unavailable key data.
3, key data receiving/transmission method according to claim 1 is characterized in that, also comprises step:
The key data recipient is decrypted conversion with second public key data that receives to the first distributed key data, obtains first public key data; And
First public key data that obtains with deciphering is decrypted conversion to the second distributed key data, obtains second public key data;
Whether with second public key data that receive consistent, if confirm that described second public key data is the available key data if relatively deciphering second public key data that obtains; Otherwise confirm that described second public key data is unavailable key data.
4, key data receiving/transmission method according to claim 1 is characterized in that, describedly with private key data public key data is carried out enciphering transformation, and the process that obtains corresponding distributed key data comprises:
Public key data is converted to binary form;
The binary form of public key data is divided into isometric block form;
Respectively encryption is carried out in each grouping of public key data with private key data;
By the set of integers cooperation that grouping constituted after each encryption is the distributed key data.
According to claim 2 or 3 described key data receiving/transmission methods, it is characterized in that 5, describedly with public key data the distributed key data are decrypted conversion, the process that obtains another public key data comprises:
Respectively each grouping that constitutes the distributed key data is decrypted processing with public key data;
All groupings after the decryption processing are merged processing, recover original public key data.
6, a kind of key data dispensing device is characterized in that, comprising:
The key data generation unit is used to generate the key data that comprises public key data and private key data;
The enciphering transformation unit is used to use the private key data of a key data that the public key data of another key data is carried out enciphering transformation, obtains corresponding distributed key data;
The key data transmitting element is used to send distributed key data and public key data.
7, key data dispensing device according to claim 6 is characterized in that, described enciphering transformation unit further comprises:
The Binary Conversion subelement is used for public key data is converted to binary form;
The packet transaction subelement is used for the binary form of public key data is divided into isometric block form;
The encryption subelement is used to use private key data respectively encryption to be carried out in each grouping of public key data;
The integer set forms subelement, and being used for all groupings after the encryption are constituted a set of integers cooperation is the distributed key data.
8, a kind of key data receiving system is characterized in that, comprising:
The key data receiving element is used to receive distributed key data and public key data;
The deciphering converter unit, the data that are used to use public-key are decrypted conversion to the distributed key data, obtain the public key data with distributed key data correspondence;
The public key data comparing unit is used for relatively deciphering the consistency between the public key data of the public key data that obtains and reception.
9, key data receiving system according to claim 8 is characterized in that, described deciphering converter unit further comprises:
The decryption processing subelement, the data that are used to use public-key are decrypted processing to each grouping that constitutes the distributed key data respectively;
Grouping merges subelement, is used for all groupings after the distributed key data decryption processing are merged processing, recovers the public key data with distributed key data correspondence.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200410038228 CN1697374A (en) | 2004-05-13 | 2004-05-13 | Method for sanding and receiving cipher data, device for distributing and receiving cipher data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200410038228 CN1697374A (en) | 2004-05-13 | 2004-05-13 | Method for sanding and receiving cipher data, device for distributing and receiving cipher data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1697374A true CN1697374A (en) | 2005-11-16 |
Family
ID=35349915
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200410038228 Pending CN1697374A (en) | 2004-05-13 | 2004-05-13 | Method for sanding and receiving cipher data, device for distributing and receiving cipher data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1697374A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007109994A1 (en) * | 2006-03-25 | 2007-10-04 | Huawei Technologies Co., Ltd. | Method and apparatus for generating sequence number of encryption key in network |
| CN102404068A (en) * | 2010-09-09 | 2012-04-04 | 张华轩 | Secondary encryption/decryption method |
| CN102724563A (en) * | 2012-06-15 | 2012-10-10 | 深圳市汇海威视科技有限公司 | Monitoring front end and terminal, monitoring system as well as audio/video signal encryption and decryption methods |
| CN101485137B (en) * | 2006-06-30 | 2013-07-24 | 皇家飞利浦电子股份有限公司 | Method and apparatus for encrypting/decrypting data |
| WO2013120231A1 (en) * | 2012-02-14 | 2013-08-22 | Zhang Longqi | Smart-card payment system |
| CN106033503A (en) * | 2015-03-19 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Method, device and system of online writing application secret key into digital content equipment |
| CN106713258A (en) * | 2015-11-17 | 2017-05-24 | 现代自动车株式会社 | Method and apparatus for providing security service for vehicle-dedicated data channel |
| CN107786331A (en) * | 2017-09-28 | 2018-03-09 | 平安普惠企业管理有限公司 | Data processing method, device, system and computer-readable recording medium |
| CN108141355A (en) * | 2015-11-12 | 2018-06-08 | 华为国际有限公司 | Use the method and system of Diffie-Hellman processes generation session key |
| CN109040109A (en) * | 2018-08-31 | 2018-12-18 | 国鼎网络空间安全技术有限公司 | Data trade method and system based on key management mechanism |
-
2004
- 2004-05-13 CN CN 200410038228 patent/CN1697374A/en active Pending
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007109994A1 (en) * | 2006-03-25 | 2007-10-04 | Huawei Technologies Co., Ltd. | Method and apparatus for generating sequence number of encryption key in network |
| CN101485137B (en) * | 2006-06-30 | 2013-07-24 | 皇家飞利浦电子股份有限公司 | Method and apparatus for encrypting/decrypting data |
| CN102404068A (en) * | 2010-09-09 | 2012-04-04 | 张华轩 | Secondary encryption/decryption method |
| WO2013120231A1 (en) * | 2012-02-14 | 2013-08-22 | Zhang Longqi | Smart-card payment system |
| CN102724563A (en) * | 2012-06-15 | 2012-10-10 | 深圳市汇海威视科技有限公司 | Monitoring front end and terminal, monitoring system as well as audio/video signal encryption and decryption methods |
| CN106033503A (en) * | 2015-03-19 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Method, device and system of online writing application secret key into digital content equipment |
| CN108141355A (en) * | 2015-11-12 | 2018-06-08 | 华为国际有限公司 | Use the method and system of Diffie-Hellman processes generation session key |
| CN106713258A (en) * | 2015-11-17 | 2017-05-24 | 现代自动车株式会社 | Method and apparatus for providing security service for vehicle-dedicated data channel |
| CN106713258B (en) * | 2015-11-17 | 2020-11-10 | 现代自动车株式会社 | Method and apparatus for providing security service for vehicle-specific data channel |
| CN107786331A (en) * | 2017-09-28 | 2018-03-09 | 平安普惠企业管理有限公司 | Data processing method, device, system and computer-readable recording medium |
| CN107786331B (en) * | 2017-09-28 | 2020-03-17 | 平安普惠企业管理有限公司 | Data processing method, device, system and computer readable storage medium |
| CN109040109A (en) * | 2018-08-31 | 2018-12-18 | 国鼎网络空间安全技术有限公司 | Data trade method and system based on key management mechanism |
| CN109040109B (en) * | 2018-08-31 | 2022-01-21 | 国鼎网络空间安全技术有限公司 | Data transaction method and system based on key management mechanism |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3761588B1 (en) | Data access rights control method and device | |
| CN103957109B (en) | A kind of cloud data-privacy protects safe re-encryption method | |
| CN111275202B (en) | Machine learning prediction method and system for data privacy protection | |
| CN1310464C (en) | Method for safe data transmission based on public cipher key architecture and apparatus thereof | |
| CN1832403A (en) | CPK credibility authorization system | |
| CN101064595A (en) | Computer network safe input authentication system and method | |
| CN109586908A (en) | A kind of safe packet transmission method and its system | |
| CN106878322B (en) | A kind of encryption and decryption method of fixed length ciphertext and key based on attribute | |
| CN108111540A (en) | The hierarchical access control system and method for data sharing are supported in a kind of cloud storage | |
| CN101079701A (en) | Highly secure ellipse curve encryption and decryption method and device | |
| Ming et al. | Efficient revocable multi-authority attribute-based encryption for cloud storage | |
| CN104735070A (en) | Universal data sharing method for heterogeneous encryption clouds | |
| CN116112244A (en) | Access control method based on blockchain and attribute-based encryption | |
| CN1697374A (en) | Method for sanding and receiving cipher data, device for distributing and receiving cipher data | |
| Gowtham et al. | Privacy enhanced data communication protocol for wireless body area network | |
| CN1543118A (en) | Public key generation device, shared key generation device, key exchange device and key exchange method | |
| CN114697042A (en) | A blockchain-based proxy re-encryption method for IoT secure data sharing | |
| US12124594B2 (en) | Enhanced security systems and methods using a hybrid security solution | |
| CN1859090A (en) | Encipher method and system based identity | |
| Mohseni Ejiyeh | Real-time lightweight cloud-based access control for wearable iot devices: A zero trust protocol | |
| CN105721140A (en) | K out of n oblivious transfer method and system | |
| CN1905447A (en) | Authentication encryption method and E-mail system | |
| CN101964039B (en) | Encryption protection method and system of copyright object | |
| CN113645235A (en) | Distributed data encryption and decryption system and encryption and decryption method | |
| CN101047945A (en) | Mobile communication system and customer temporary identity distribution method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |