[go: up one dir, main page]

TW510107B - A coding system and method of secure data transmission - Google Patents

A coding system and method of secure data transmission Download PDF

Info

Publication number
TW510107B
TW510107B TW88118019A TW88118019A TW510107B TW 510107 B TW510107 B TW 510107B TW 88118019 A TW88118019 A TW 88118019A TW 88118019 A TW88118019 A TW 88118019A TW 510107 B TW510107 B TW 510107B
Authority
TW
Taiwan
Prior art keywords
key
built
working
generator
passcode
Prior art date
Application number
TW88118019A
Other languages
Chinese (zh)
Inventor
Jian-Tsz Hou
Original Assignee
Geneticware Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Geneticware Co Ltd filed Critical Geneticware Co Ltd
Priority to TW88118019A priority Critical patent/TW510107B/en
Application granted granted Critical
Publication of TW510107B publication Critical patent/TW510107B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The coding system includes a passcode generator used to generate a passcode, a hidden key generator that is electrically in connection with the passcode generator to generate a hidden key, a working key generator that is electrically in connection with the hidden key generator and the passcode generator and follows the passcode and the hidden key to generate a working key, and an encrypter/decrypter that is electrically in connection with the working key generator to perform encrypting or decrypting task on message with the working key. The method of secure data transmission forwards secure message from a forwarding end to a receiving end and includes the following procedures: provide a first hidden key to the forwarding end and a second hidden key to the receiving end, and the first and the second hidden key are identical; provide a passcode; generate a first working key in accordance with the first hidden key and the passcode; use the first working key to encrypt a plaintext into a cipher text; forward the cipher text and the pass code from the forwarding end to the receiving end; generate a second working key with the second hidden key and the passcode received by the receiving end, and the second working key equals to the first working key; and decrypt the cipher text into plain text by the second working key.

Description

510107 案號 88118019510107 Case No. 88118019

五、發明說明G) 〔發明領域〕 次輕本案為一種密碼系統及其安全資料傳輪方牛在奶私 貝料安全、資訊保護及密碼,方法,係關於 (p_ic key cryptosystem)之=^鑰费碼系統 [發明背景] 性,通訊通道傳輸之資訊具有隱私 ^不易被偷取,其可保證發送端傳送至接收端之訊自之 =雄惟!指定的接收端可還原所接收的資料。傳統:密 馬糸、、先为為二類,一為密鑰密碼系統(secret— crypt〇System),一為公碼密碼系統(pubUc key cryptosystem) 0 第一圖表示習知密鑰密碼系統(又稱對稱密碼系統, symmetric cryptosystem)的基本方塊圖。如圖所示,兩 個通訊端(分別標示為A和B)分別具有各自的加密器 Cl,C2 (cipher) ’能夠對輸出資料進行加密,對於輸入資 料進行解密。詳言之’明文(plaintext)在一端加密後產 生之密文(ciphertext),可以在另一端解密後產生原來的 明文,兩通訊端是使用相同的金鑰K1,K2進行資料的加密 /解密動作。目前使用最普遍的對稱密碼系統應該是 DESCData Encryption Standard),其採用 56 位元的密鑰 (一般尚包括8個parity check bits)。至於其他的方案, 例如 IDEA(International Data Encryption A1 g o r i t h m),則是採用類似架構但是使用的是較長的加密 金输。V. Description of the invention G) [Field of invention] This case is a cryptographic system and its security information. The method of transferring information is to protect the security, information, and passwords of the cattle. The method is about the key of (p_ic key cryptosystem). Fee code system [Background of the invention], the information transmitted in the communication channel is private ^ It is not easy to be stolen, and it can ensure that the information transmitted from the sender to the receiver is from Xiongwei! The designated receiver can restore the received data. Tradition: Mi Ma, first, are two types, one is secret-cryptoSystem, one is pubUc key cryptosystem 0 The first picture shows the conventional key cryptosystem (also known as A basic block diagram of a symmetric cryptosystem. As shown in the figure, the two communication terminals (labeled A and B respectively) have their own ciphers Cl, C2 (cipher) ′, which can encrypt the output data and decrypt the input data. In detail, 'plaintext' ciphertext generated after encryption at one end can be decrypted to generate the original plaintext at the other end. The two communication ends use the same keys K1 and K2 for data encryption / decryption. . The most commonly used symmetric cipher system at present is the DESCData Encryption Standard, which uses a 56-bit key (generally including 8 parity check bits). As for other schemes, such as IDEA (International Data Encryption A1 g r r t h m), it uses a similar architecture but uses a longer cryptographic gold loss.

第5頁 案號 8811801¾ 五、發明說明(2) _ 在對稱密碼系統中,泰偽 課題。參與資料傳輪的兩通;:換通常是-個相當重要的 且不能夠被其他人知道。、帛^方必須擁有相同的金鑰,並 錄而以隱密的方式傳m情況是一方產生此共同金 證是在隱密的狀態。如^ 。此處的傳达方式必須保 鑰,也就可以很輕鬆地解譯匕:土或無意地截取到此金 料。對稱密碼系統的者的所有資 人士進行秘密通訊。全疋,使用者無法與不特定 下,試問在二須建立在雙方已知的情況 證金,交換時的安全性? I $的ί月况下’如何可以保 第一圖則是表示習知公鑰密碼系統(又稱 ,統’ w1G eryptQsystem)的基本方塊圖\%:输 始碼糸統與一般密鑰密碼系統最大的不同點是在於兩點: (/)金鑰,換的機制;(2)實際進行加密的演算法則。參考 弟固 母通说方具有一組金錄對的兩個金鑰:公鑰K6, K3(public key)和私鑰 K4,K5(private key),分別以下標Page 5 Case No. 8811801¾ 5. Description of the invention (2) _ In the symmetric cryptosystem, the subject of Thai and pseudo-pseudo. Participate in the two-way data transfer; exchange is usually a very important and cannot be known by others. Both parties must have the same key, and record it in a secret way. The situation is that one party generated this common certificate in a secret state. Such as ^. The means of communication here must be secret, so that the dagger can be easily interpreted: dirt or unintentional interception of this material. Owners of symmetric cryptosystems conduct secret communications. Well, the user ca n’t be unspecified. How about the security of the two exchanges when the two must be established in a situation known to both parties? Under the monthly condition of I $ ', how can the first plan be shown is a basic block diagram representing a known public key cryptosystem (also known as “w1G eryptQsystem”) \%: input start code system and general key cryptosystem The biggest difference lies in two points: (/) the key and exchange mechanism; (2) the actual algorithm for encryption. Reference Di Gumu Tongfang has two keys for a set of golden record pairs: public key K6, K3 (public key) and private key K4, K5 (private key), respectively.

Pub和pri表示。公鑰K3, K6是公開的金鑰資訊,任何人都 可以取得;相對地私鑰Κ4, Κ5則是屬於個人的金鑰資料, 有自已知道。公鑰密碼系統的金鑰交換機制只需要將雙 方的公鑰Κ3, Κ6部分交換即可完成,而此交換過程並不需 要特別的保密,但是必須確認來源性,也就是公錄Κ 3,Κ 6 來源不可以被偽造(因此一般需要認證中心的存在)。完成 公餘交換部分之後,雙方可以進行資料秘密傳送。Α方傳 运到β方和B方傳送到a方的方式正好相反。若A方要傳送一 份到B方,則A方先利用B方的公鑰K3對資料在加密器 ---—___________—- 修正Pub and pri said. The public keys K3 and K6 are public key information and can be obtained by anyone; on the other hand, the private keys K4 and K5 are personal key data and they know it. The key exchange mechanism of the public key cryptosystem only needs to exchange the public keys K3 and K6 of the two parties, and this exchange process does not require special confidentiality, but the source must be confirmed, that is, the public records K3 and K 6 Sources cannot be forged (hence the existence of a certification authority is generally required). After completing the public exchange part, the two parties can transfer the data secretly. Party A transmits to party β and Party B transmits to party a in the opposite way. If party A wants to send a copy to party B, party A first uses party B's public key K3 to encrypt the data in the encryptor ------- ___________ --- correction

案號 8811801Q 五、發明說明(3) 力二„加密後的資料送到w,讓β方利用自已 :: Ϊ行解密。任何利用Β方公賴進行加密 谁H 方的私獻4才能解密,因此即使Α方 丁加欲者)也無法由加密後資料解出原始資料。反之方 LI要進傳,Λ料到A方’則需要利用'方的公鑰K6透過加 ==了加费’加密資料必須利用Α方的私觸才可以 的另一項特徵在於加解密演算法上〜 構在解數學上難題的層次上,•常在加密 =:戈者疋解密演算法上常常需要一些複雜的數學運 :如叫或是log。換言之’無論是利用軟體 ;:=,都需要相當的執行時間才可完成^這也2 料傳二:!碼糸統的最大缺點。公鑰密碼系統在-般的資 =應用上固然有其優點,但是在某些需要即時傳輸的 應用上,例如mobile phone、視訊傳輸等等。 習知技術的缺點如下: 级一、在習知密鑰密碼系統中,如何金鑰交換過程中保 =錄的安王性是一項非常重要的課題。更明確地說,由 你^ ^金鑰父換途徑的不明確性,因此根本無法保證在金 =父換過程中實際交換金鑰的隱私性。正因為如此,在現 中幾乎是不可能存在有這樣的傳輸途徑或方案。另 機合铪鑰密碼系統中,也無法適用於未曾謀面(亦即沒有 ㈢建立共有的金餘)的通訊雙方要進行秘密通訊的情 況。 巧Case No. 8811801Q V. Description of the invention (3) Li Er „The encrypted data is sent to w, so that β can use its own :: decryption to decrypt. Anyone who uses B ’s public encryption to encrypt H ’s private contribution 4 can decrypt it. Therefore, even the party A and the party cannot add the original data from the encrypted data. On the other hand, the party LI needs to pass on it, and Λ expects that the party A 'needs to use the party's public key K6 to increase through == added fee. Encrypted data must use the private touch of Party A. Another feature is the encryption and decryption algorithm. It is constructed at the level of solving mathematical problems. • Encryption =: Gezhe 疋 Decryption algorithms often require some complexity. Mathematical operation: such as calling or log. In other words, 'no matter using software;: =, it takes a considerable amount of execution time to complete it ^ This is also the second material :! The biggest disadvantage of the code system. The public key cryptosystem is in -General information = application has its advantages, but in some applications that require real-time transmission, such as mobile phone, video transmission, etc. The disadvantages of the conventional technology are as follows: Level one, in the conventional key cryptosystem, how to During the key exchange process Sex is a very important subject. To be more specific, the ambiguity of the way that you ^ ^ change the parent of the key, so it is impossible to guarantee the privacy of the actual exchange of keys during the process of gold = parent exchange. Because of this It is almost impossible to have such a transmission channel or scheme in the present. In addition, the combined key cryptosystem cannot be applied to the parties who have never met (that is, did not establish a common balance) to conduct secret communications. Situation

第7頁 MU107Page 7 MU107

!資料加解;的演算法過於複雜,-般都包含相當數旦的 :階數學運异。要實際這些高階數學運算,;軟 體或是硬體方式,#無可避免地會引入“疋…人 (processing delay)。這對於—般資料 但是對於:時f理的應用便可能有相當嚴重的問題Ϊ:: 仍曰;/· 2 ΐ碼糸統所採用的金鑰’對於其使用者而言 乃=可存取的貧源。也就是說,冑用者 =得或處理金输。換言I這也提供了骇客“金: 〔發明目的〕 之缺點’提出一種新的密 立一保密通路。這種新的 保護真正的密碼,藉以防 本案之目的即根據上述習用 碼系統,能夠在兩個通訊方間建 密碼系統是利用密瑪隱藏技術, 止破解者直接破解真實的密碼。 〔簡要說明〕 為達上述目的,本案提出一種密碼系統,包含: 一通行碼產生器,係藉以產生一通行碼(passc〇de)! Data interpretation; the algorithm is too complicated,-generally contains quite a few deniers: the first order mathematical operation difference. To implement these higher-order mathematical operations, either in software or hardware, # inevitably introduces "疋 ... 人 (processing delay). This is for general information but for: the application of time management may be quite serious Question Ϊ :: Still; / · 2 The key used by the code system 'is a poor source of access for its users. In other words, the user = wins or deals with gold loss. In other words This also provides the hacker "King: [Inventive] disadvantages" to propose a new secret-secret channel. This new type of protection for real passwords prevents the purpose of this case, which is to build a password system between two communicating parties based on the customary code system described above. The password system is based on the use of Mimar hidden technology to prevent crackers from directly cracking the real password. [Brief description] In order to achieve the above purpose, this case proposes a cryptographic system, including: a pass code generator, by which a pass code is generated

内建金鑰產生器,係電連接至該密碼產生器,並 以產生一内建金鑰(hidden key) ; σ 姑:工作金鑰產生器,係電連接至該内建金鑰產生器及 M L行碼產生恭,並根據該通行碼及該内建金鑰以產生一 工作金鑰(working key);以及A built-in key generator is electrically connected to the password generator to generate a hidden key; σ: a working key generator is electrically connected to the built-in key generator and Generating the ML line code and generating a working key based on the pass code and the built-in key; and

510107 案號 88118019 年 修· 五、發明說明(5) 利用該工作金鑰對訊息 (decrypting)之動作 ° 如所述之密碼系統 電路(I C )内部,且無法 如所述之密碼系統 變數產生器。 如所述之密碼系統 〆奏函數(hash function 如所述之密碼系統 safer κ-64、blowfish另外,本案更提出 籍以從一發送端傳輸安驟: 提供一第一内建金 接收端,該第一及第二 提供一通行碼; 進行加密(encrypt ing)或解密 ,其中由外界,其中 該内建金鑰係内建於〜 直接加以存取。 該通行碼產生器係為一 積體 隨機 其中該工作金鑰產生器係 ,其中等等。 一密碼 全的訊 錄予發 内建金 為 雜 該加密解密器係含DES、 系統之安全資料傳輸方法 息至一接收端,包含下列步 送端及一第二内建金鑰 鑰係為相同者; 輪 根據該第一内建金鑰及該通行碼產生一第 X作金 藉由該第一工作金 自該發送端送出該 精由该弟^一内建金 生一第二工作金鑰,該 金鑰;以及 藉由該第二工作金 錄加密 密文及 餘及被 第二工 鑰解密 明文為一密文; 該通行碼至該接收端; 該接收端接收之兮、$ / 从人 茨通行碼產 作炎鑰係相等於該 衣弟一工作 該密文還原至該明文。510107 Case No. 8811819 Rev. 5. Description of the invention (5) Use the working key to decrypt the message ° As described in the cryptographic system circuit (IC), and the cryptographic system variable generator cannot be described as . As described in the cryptographic system hash function (cryptographic system safer κ-64, blowfish) In addition, this case also proposes to transmit security from a sender: Provide a first built-in gold receiver, the The first and second provide a passcode; perform encryption ing or decryption, which is accessed by the outside world, in which the built-in key system is built in ~ to directly access. The passcode generator is a product random Among them, the working key generator is, among them, etc. A password-encrypted message is sent to the built-in gold as a hybrid. The encryption and decryption system includes DES and a secure data transmission method of the system to a receiving end, including the following steps. The end and a second built-in key are the same; a X-th gold is generated according to the first built-in key and the pass code, and the essence is sent from the sending end by the first working money. Brother ^ a built-in Jinsheng a second work key, the key; and the ciphertext and the remainder encrypted by the second work record and the plaintext is decrypted as a ciphertext by the second work key; the pass code to the The receiving end; , $ / Passcode Heights yield from human inflammatory as key lines equal to the work of the garment brother a ciphertext back to the plaintext.

第9頁 88118mci 五、發明說明(6) 〔圖示簡要說明〕 修正Page 9 88118mci V. Description of the invention (6) [Brief description of the diagram] Amendment

第一圖 第二圖 第三圖 第四圖 習用密鑰密碼系統; 習用公鑰密碼系統; 以及 建金鑰編碼器之架構圖 本案整個费碼傳輸系統架構圖。 〔圖號說明〕 C1,C 2 :加密器 Κ3, Κ6 :公鍮 A,Β :通訊端 3 ·編碼解碼器 7 :單向函數 U,21 :第一,第二 K1,K2 :金餘 K4,K5 :私鑰 1,2 :通訊的雙方 5 :内建金鑰 9 :通行碼 内建金錄編解碼器1 9 9 · π 13,23 :單向函數 14二.f通行碼 Ί r nr 24·工作金鑰 15, Μ :編碼解碼器 工輻 〔詳細說明〕 第三圖表示基本的内建金鑰-編/解碼器之架槿 ^ IH (c〇dec) 金鑰產生電路(key-generating circuitry)加以實施,ί 根據内建金鑰5(hidden key)以及隨機產生的通行碼 ’、 9(passcode)來決定實際進行編解碼動作的工作金鑰 (working keys)。金鑰產生電路所使用的單向函數7必須 具備以下條件 在知道工作金鑰(working keys)和通 行碼9以及單向函數7演算法的情況下,必須保證逆推出内 建金鑰5的機率為計算上之不可能。符合此一條件的演算The first figure, the second figure, the third figure, and the fourth figure. The conventional public key cryptosystem; the public key cryptosystem; and the architecture of the key encoder. [Illustration of drawing number] C1, C 2: Encryptor KK3, Κ6: Public 鍮 A, Β: Communication end 3 · Codec 7: One-way function U, 21: First and second K1, K2: Jinyu K4 , K5: Private key 1, 2: Both parties to communication 5: Built-in key 9: Passcode Built-in gold record codec 1 9 9 · π 13, 23: One-way function 14 2 .f Passcode Ί r nr 24 · Working key 15, Μ: Encoder / decoder [Detailed description] The third figure shows the basic built-in key-encoder / decoder frame ^ IH (c〇dec) key generation circuit (key- generating circuitry is implemented, and the working keys that actually perform the encoding and decoding actions are determined according to the built-in key 5 (hidden key) and the randomly generated passcodes' 9 (passcode). The one-way function 7 used by the key generation circuit must have the following conditions. When the working keys and pass codes 9 and the one-way function 7 algorithm are known, the probability of the built-in key 5 being reversed must be guaranteed. For computationally impossible. Calculations that meet this condition

第10頁Page 10

法像是密碼簽署系統中 行碼9是可以隨著庫用’、’、函數(hash function)。通 資料一併傳送到接收#而而^變動的參考碼’並且會隨著 (包含内建金鍮以及單而向函/收端則可以透過相同機制 工作金鑰進行解碼動作°。所使用的演算法)產生相同之 做為加解密影像資料的金鈐,=〇:klng keys)是實際 r ·, 、〇dec ),例如一般的block =二像DES,SAFER κ —64,B1〇wf 種區塊密碼器之組合亦可。 兹王疋夕 換言之,本案提出之密碼系統係由一通行碼產生哭、 :内建金鑰產生器、一工作金鑰產生器、、一加密解密器組 成。通仃碼產生器,係藉以產生一通行碼9(passc〇de), 内建金鑰產生器藉以產生一内建金鑰5 (hidden ,工 作金鑰產生器根據該通行碼9及該内建金鑰5以產生一工 巧士鑰(working keys),而編碼解碼器(c〇dec) 3之加密 解始、器則利用該工作金錄(w 0 r k i n g k e y S )對訊息進行加密 (encrypting)或解密(decrypting)之動作。當然,該内建 金鑰係内建於一積體電路(1C)内部,且無法由外界直接加 以存取。該通行碼產生器係為一隨機變數產生器。該工作 金鑰產生器係為一雜湊函數(hash function)。該加密解 密器係含DES、SAFER K-64、BL0WFISH 等等。 利用本案之雙層加密結構的前題是通訊雙方都必須擁 有相同的内建密碼,這可以由幾種方式達到:(1)通訊雙The method is like line code 9 in the password signing system, which can be used with the library ',', hash function. The common information is transmitted to the receiving # while the reference code changes ^ and will be changed along with (including the built-in gold key and the single-way letter / receiver can be decoded through the same mechanism working key.) Algorithm) to generate the same golden 钤 as encrypted image data, = 〇: klng keys) are the actual r ·, 〇dec), for example, general block = two-like DES, SAFER κ-64, B1〇wf Combinations of block ciphers are also possible. Wang Xixi In other words, the cryptographic system proposed in this case is composed of a passcode: a built-in key generator, a working key generator, and an encryption and decryption device. The pass code generator is used to generate a pass code 9 (passcode), and the built-in key generator is used to generate a built-in key 5 (hidden). The work key generator is based on the pass code 9 and the built-in key. The key 5 is used to generate a working key, and the encryption and decryption of the codec 3 is performed. The device uses the working key (w 0 rkingkey S) to encrypt or encrypt the message. Decrypting action. Of course, the built-in key system is built in an integrated circuit (1C) and cannot be accessed directly by the outside world. The pass code generator is a random variable generator. The The working key generator is a hash function. The encryption and decryption device includes DES, SAFER K-64, BL0WFISH, etc. The premise of using the double-layer encryption structure of this case is that both parties of the communication must have the same Built-in password, which can be achieved in several ways: (1) Communication dual

方的1C在製造之初即透過一密閉的電子裝置,在兩者間建 立一不為外人所知的内建密碼,在此密閉電子裝置中,ICFang's 1C built a sealed electronic device between the two through an enclosed electronic device at the beginning of manufacture. In this enclosed electronic device, the IC

第11頁 月 修正 曰 88118019 五、發明說明(8) = :然不可以直接輪出,而是必須透過轉譯 錄,也密碼機制來完成所需要交換的内建金 路只合長(破解機率最低)之公鑰密碼器電路,此電 :、日在建立内建金鍮時使用一次 :。口電路此電 (或勒體模擬)使用㈣數學運 ::鑰密碼器電路 ;行内建金鑰設定時會需要相當 時^長度很長,因此 際對資料加解密時不需要動用到這間’但是因為在實 的編碼解碼器(codec)部分,因此3卩刀’、而是使用速度快 要求。 仍可以達到即時性的 在本案的密碼結構申會在一定旦 通行碼,通行碼產生的頻率可以加入所需要的 的作用是讓實際負責編解碼的全。通行碼 :破解區塊編碼器的方式是 夠::=性。因為- 破解出對應的金餘。而在上述結密文對來 鎗就會隨之改變,使得破解上更::困;^, 破解的工作金鑰也很難配合對庫性。另外, 金鑰1此系統整體而言仍然是安全的4出系統的内建 第四圖表示整個密碼傳輸系统的架構圖 Γ解二具有/ 一内建金鍮編解碼器11和第二内建全/ ί、蔣L ’、其内包含—致性的内建金鑰。當傳U ? :明文 輸入到第一内建全 、(工 配合適 第12頁 510107Month amendment on page 11: 88118019 V. Invention description (8) =: However, it cannot be rotated out directly, but the built-in golden road that needs to be exchanged must be completed through translation and password mechanism (the probability of cracking is the lowest) ) Of the public key cipher circuit, this call :, once used when building the built-in gold coin :. This circuit (or simulative simulation) uses ㈣mathematical operation :: Key cipher circuit; the built-in key in the line will take a considerable amount of time ^ The length is very long, so you do n’t need to use this when encrypting and decrypting data. 'But because it is in the real codec (codec) part, so 3 knives', but the use of fast requirements. The real-time password structure can still be achieved in this case. The pass code can be added to the pass code, and the frequency of pass code generation can be added to the required function to allow the actual responsibility for encoding and decoding. Passcode: The way to crack the block encoder is enough :: = sex. Because-crack the corresponding Jinyu. In the above-mentioned ciphertext, the gun will change accordingly, which makes the cracking more difficult :: sleepy; ^, the cracked work key is also difficult to cooperate with the library. In addition, the key 1 system is still secure as a whole. The built-in 4th system shows the architecture diagram of the entire cryptographic transmission system. Γ Solution 2 has / a built-in gold codec 11 and a second built-in. Quan / ί, Jiang L ', which contains—consistent built-in keys. Dang Chuan U ?: plain text input to the first built-in, (appropriate labor distribution page 12 510107

透過單向函數1 3產生所需要的工作金鑰1 4,利用編碼解石馬 為(codec) 15將明文資料piaintext加密成密文資料 Cipher text輸出。輸出部分還包括了對應的通行碼 Passcode。當接收端(右端)收到密文資料Ciphertext以及 通行碼Passcode,會將其中通行碼22送到單向函數23中, 與内建金鍮21 —併作用還原出原始的工作金鑰24,再利用 編碼解碼器(codec ) 25將密文資料Cipher text還原成明 文資料Plaintext。The required working key 14 is generated by the one-way function 1 3, and the plaintext data piaintext is encrypted into the ciphertext data Cipher text using the codec calculus 15 (codec) 15. The output section also includes the corresponding passcode. When the receiving end (right end) receives the ciphertext data Ciphertext and the passcode, the passcode 22 will be sent to the one-way function 23, and the built-in gold key 21 will be used to restore the original working key 24, and then A codec (codec) 25 is used to restore the Cipher text to Plaintext.

換曰之’本案更提出密碼系統之安全資料傳輸方法, 藉以從發送端1 (亦可為接收端)傳輸安全的訊息至接收端 2(亦可為發送端),首先由第一内建金鑰解碼器丨丨及第二 内建金鑰解碼器21分別提供第一内建金鑰予發送端1及第 一内建金鍮予該接收端2 ’該第一及第二内建金鑰係為相 同者。接著提供一通行碼1 2,並根據該第一内建金鑰及該 通行碼12產生第一工作金鑰14,再藉由該第一工作金錄14 加密一明文Plain text為一密文Cipher text。之後,再自 該發送端1送出該密文(:丨01161^6\1:及該通行碼?33%〇(^至 該接收端2,由該第二内建金鑰及被該接收端2接收之該通 行碼Passcode產生一第二工作金鑰24,該第二工作金鑰24 係相等於該第一工作金鑰1 4。最後,再藉由該第二工作金 鑰24解密該密文Ciphertext還原至該明文ρ! aintext。 要破解第四圖之密碼糸統,可以區分為兩種層次: (1)破解工作金鑰,以及(2)破解内建密碼。要破^工作金 鑰’必須收集足夠的明文-密文對,再配合編碼解碼器 (codec )内的演算法,才能夠加以破解。不過在本;統 第13頁 510107 案號 88118019 五、發明說明(10) 中,工作金鑰的破解與否並不备旦如< ^ 皆 a a从e人 不會影響系統整體的安全性。 一、工乍“ ★疋θ隨著通行碼而變動,只要通行碼具 1夠的變異性’亦即利用隨機變數產生; 破解單-工作金鑰並不會影響其他加密資料的安全^上 —、如果工作金鑰的變動率非常快,收集足夠明 對就變得十分困難。第三、即使成功破解出數個工作二 ^及相對的通行碼,根據單向函數的特性,也無法逆推^ 真正的内建金鑰,因此系統仍然是安全的。 真實密碼可以建立於一硬體線路中,亦即積體 (ic)内部,以下稱之為内建金鑰(hidden key)。、内建穷碼 是和一可變動的通行碼(passc〇de),一起經過單向函&‘ (one-way function)的處理,產生工作金鑰(w〇rking keys)。工作金鑰是實際負責進行編解碼資料的金鑰。 專利之密碼系統的重點有三:(1)内建密碼是内建於ic的 内部’而且不預設任何讀出内建密碼的路徑,(2)内建金 鑰是利用可變動的通行碼來產生真正進行編解碼動作的工 作金鑰,也就是說,改變通行碼可以隨之改變對應的工作 金錄’增加工作金鑰的變異性;(3 )單向函數具有不可逆 推的特性,也就是說,無法由工作金鑰以及對應的通行碼 逆推回真正的内建金鑰。根據上述特性,可以建立一 ^具 有相當安全度的密碼系統。 、 本案優點如下: 一、由硬體保護之内建金鑰(hidden key),可以確保 沒有人可以直接存取到此内建金鑰,消除了人為因素對 統安全性的威脅。 μ 'In other words, this case also proposes a secure data transmission method for the cryptographic system, whereby a secure message is transmitted from the sending end 1 (also the receiving end) to the receiving end 2 (also the sending end). The key decoder 丨 丨 and the second built-in key decoder 21 provide the first built-in key to the sending end 1 and the first built-in key to the receiving end 2 'The first and second built-in key systems are The same. A pass code 12 is then provided, and a first work key 14 is generated based on the first built-in key and the pass code 12, and then a plain text Plain text is encrypted into a cipher text Cipher by the first work key record 14. text. After that, the ciphertext (: 01161 ^ 6 \ 1: and the passcode? 33%) is sent from the sending end 1 to the receiving end 2. The second built-in key and the receiving end The received Passcode generates a second work key 24, which is equal to the first work key 14. Finally, the second work key 24 is used to decrypt the password. The text Ciphertext is restored to the plain text ρ! Aintext. To crack the password system of the fourth picture, it can be divided into two levels: (1) crack the work key, and (2) crack the built-in password. To break the ^ work key 'You must collect enough plaintext-ciphertext pairs, and then cooperate with the algorithms in the codec to be able to crack them. However, in this paper, page 13 510107 case number 88118019 5. In the description of the invention (10), The cracking of the work key is not as good as < ^ Both aa and e will not affect the overall security of the system. First, the industry "★ 疋 θ varies with the pass code, as long as the pass code is 1 'Variability', which is generated using random variables; cracking the single-working key does not affect other encrypted data Security, if the rate of change of the work key is very fast, it becomes very difficult to collect enough clear pairs. Third, even if several work codes and relative pass codes are successfully cracked, according to the characteristics of the one-way function The real built-in key can not be reversed, so the system is still secure. The real password can be established in a hardware circuit, that is, inside the IC (hereafter referred to as the built-in key). key) .. The built-in poor code is processed with a one-way function & a variable pass code, which generates a working key. The work key is the key that is actually responsible for encoding and decoding data. The key points of the patented password system are: (1) the built-in password is built in ic 'and there is no preset path to read the built-in password, ( 2) The built-in key is a work key that can be used for encoding and decoding by using a variable passcode. That is to say, changing the passcode can change the corresponding work record to increase the variability of the work key. (3) One-way function has irreversibility The characteristics, that is, the real built-in key cannot be pushed back by the work key and the corresponding passcode. According to the above characteristics, a cryptosystem with considerable security can be established. The advantages of this case are as follows: 1. The built-in hidden key protected by hardware can ensure that no one can directly access this built-in key, eliminating the threat of human factors to the security of the system. Μ '

五 内=金鑰利用單向函數來產Five inner = keys are produced using a one-way function

8811801Q 發明説明(ii) 二作金•,因Λ對於内建金生實際負] 三、實際負責加解;性更有保,j 基本換位和代換處理方=馬=(C。— 於即時傳輸的應用。建立,因此處理快速, 妙比本案得由熟悉本技藝之人士任施匠思而為諸 w S不脫如附申請專利範圍所欲保護者。 賢加解密的 t 〇 )是利用 可以適用 般修飾,8811801Q Description of the invention (ii) Second cropping gold, because Λ is actually negative for the built-in Jinsheng] III. Actually responsible for resolving; sex is more secure, j basic transposition and substitution processing party = 马 = (C.— 于Real-time transmission application. Established, so the processing is fast. Miaobi can be protected by those skilled in the art who are familiar with the art, as well as those who want to protect the scope of patent application. Encrypted and decrypted t 〇) is Use the applicable modification,

Claims (1)

510107 -- 案號88118019 _年月日 修正 __ 六、申請專利範圍 1 · 一種密碼系統,包含: 一通行碼產生器,該通行碼產生器係為一隨機變數產 生為’藉以產生一通行碼(passc〇de); 一内建金鑰產生器,係電連接至該工作金鑰產生器, 並藉以產生一内建金鍮(hidden key), 其中該内建金鑰 係内建於一積體電路(IC)内部,且無法由外界直接加以存 取; 一工作金鑰產生器,該工作金鑰產生器係為一雜湊函 數(hash function),電連接至該内建金鑰產生器及該通 行碼產生器,並根據該通行碼及該内建金鑰以產生一工作 金鑰(working key);以及 一加密解密器,係電連接至該工作金输1 利用該工作金鑰對訊息進行加密(e町yptinf) =密措乂 (decrypting)之動作,該加密解密器係含des K-64、BL0WFISH 等等。 2 · —種密碼系統之安全資料傳輸方 傳輸女全的汛息至一接收端,包含下列步驟· 提供一第一内建金鑰予發送端及一二二 接收端亥第-及第二内建金鑰係::内建金鑰予該 係内建於一積體電路(1C)内部,且1 5亥内建金鑰 取; “、、法由外界直接加以存 提供一通行碼,該通行碼係由一 生; ^機變數產生器產 根據該第一内建金鑰及該通行螞 輪· /王土乐一工作金510107-Case No. 88118019 _ year month day amendment __ 6. Patent application scope 1 · A cryptographic system includes: a pass code generator, which is generated by a random variable as' to generate a pass code (Passc〇de); a built-in key generator, which is electrically connected to the working key generator and generates a built-in hidden key, wherein the built-in key is built in a product Inside the body circuit (IC) and cannot be accessed directly by the outside world; a working key generator, which is a hash function, which is electrically connected to the built-in key generator and The passcode generator generates a working key based on the passcode and the built-in key; and an encryption and decryption device, which is electrically connected to the working input and uses the working key to pair messages Encryption (e-machi yptinf) = encryption (decrypting) action, the encryption and decryption system contains des K-64, BL0WFISH and so on. 2-A secure data transmission side of a cryptographic system transmits the flood information of the women's college to a receiving end, including the following steps: Providing a first built-in key to the sending end and the receiving end Built-in key system: The built-in key is built into an integrated circuit (1C), and the built-in key is retrieved from 1550; ",, method is directly stored by the outside to provide a pass code, the The pass code is generated by a lifetime; ^ The machine variable generator is based on the first built-in key and the passer wheel. 第16頁 510107 _案號88Π8019_年月日__ 六、申請專利範圍 藉由該第一工作金鑰加密一明文為一密文; 自該發送端送出該密文及該通行碼至該接收端; 藉由該第二内建金鑰及被該接收端接收之該通行碼產 生一第二工作金鑰,該第二工作金鍮係相等於該第一工作 金鑰;以及 藉由該第二工作金鑰解密該密文還原至該明文。Page 16 510107 _ Case No. 88Π8019_ Year Month Date __ Sixth, the scope of the patent application is encrypted by the first working key as a ciphertext; the ciphertext and the passcode are sent from the sender to the receiver A second working key generated by the second built-in key and the passcode received by the receiving end, the second working key being equal to the first working key; and by the first The two working keys decrypt the ciphertext and restore it to the plaintext. 第17頁Page 17
TW88118019A 1999-10-19 1999-10-19 A coding system and method of secure data transmission TW510107B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW88118019A TW510107B (en) 1999-10-19 1999-10-19 A coding system and method of secure data transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW88118019A TW510107B (en) 1999-10-19 1999-10-19 A coding system and method of secure data transmission

Publications (1)

Publication Number Publication Date
TW510107B true TW510107B (en) 2002-11-11

Family

ID=27656781

Family Applications (1)

Application Number Title Priority Date Filing Date
TW88118019A TW510107B (en) 1999-10-19 1999-10-19 A coding system and method of secure data transmission

Country Status (1)

Country Link
TW (1) TW510107B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8112496B2 (en) 2004-09-24 2012-02-07 Microsoft Corporation Efficient algorithm for finding candidate objects for remote differential compression
US8117173B2 (en) 2004-04-15 2012-02-14 Microsoft Corporation Efficient chunking algorithm
TWI399663B (en) * 2009-05-04 2013-06-21 Mediatek Singapore Pte Ltd Cryptography system and cryptography method
US11005658B2 (en) 2017-12-13 2021-05-11 Delta Electronics, Inc. Data transmission system with security mechanism and method thereof

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8117173B2 (en) 2004-04-15 2012-02-14 Microsoft Corporation Efficient chunking algorithm
US8112496B2 (en) 2004-09-24 2012-02-07 Microsoft Corporation Efficient algorithm for finding candidate objects for remote differential compression
TWI399663B (en) * 2009-05-04 2013-06-21 Mediatek Singapore Pte Ltd Cryptography system and cryptography method
US11005658B2 (en) 2017-12-13 2021-05-11 Delta Electronics, Inc. Data transmission system with security mechanism and method thereof

Similar Documents

Publication Publication Date Title
JP4384728B2 (en) Key agreement and transport protocols using intrinsic signatures
CA2197915C (en) Cryptographic key recovery system
US5907618A (en) Method and apparatus for verifiably providing key recovery information in a cryptographic system
US7424615B1 (en) Mutually authenticated secure key exchange (MASKE)
CN108199835B (en) Multi-party combined private key decryption method
US6769060B1 (en) Method of bilateral identity authentication
WO1990009009A1 (en) Data carrier and data communication apparatus using the same
WO2018235845A1 (en) Key exchange system and key exchange method
ES2304929T3 (en) METHOD TO TRANSFER THE RIGHTS TO DECODE MONTHLY.
CN110519226B (en) Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate
Kaur et al. A random selective block encryption technique for secure image cryptography using blowfish algorithm
KR20200055672A (en) Encryption systems and method using permutaion group based cryptographic techniques
TW510107B (en) A coding system and method of secure data transmission
CN116781243B (en) Unintentional transmission method based on homomorphic encryption, medium and electronic equipment
JP4615128B2 (en) Voice and data encryption method using encryption key split combiner
KR100388059B1 (en) Data encryption system and its method using asymmetric key encryption algorithm
JPH07175411A (en) Cipher system
Nithya et al. An Analysis on Cryptographic Algorithms for Handling Network Security Threats
Sarumi A review of encryption methods for secure data communication
Parikh et al. Ciphering the Modern World: A Comprehensive Analysis of DES, AES, RSA and DHKE
Kar et al. Cryptography in the banking industry
JP2000349748A (en) Secret information sharing method
Halder et al. Information Security Using Key Management
Gennaro et al. Secure key recovery
BISWAS INFORMATION SECURITY USING KEY MANAGEMENT

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent