CN1305285A - Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system - Google Patents

Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system Download PDF

Info

Publication number
CN1305285A
CN1305285A CN 01107004 CN01107004A CN1305285A CN 1305285 A CN1305285 A CN 1305285A CN 01107004 CN01107004 CN 01107004 CN 01107004 A CN01107004 A CN 01107004A CN 1305285 A CN1305285 A CN 1305285A
Authority
CN
China
Prior art keywords
data
user
manager
control device
random code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 01107004
Other languages
Chinese (zh)
Other versions
CN1232067C (en
Inventor
周学军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN 01107004 priority Critical patent/CN1232067C/en
Publication of CN1305285A publication Critical patent/CN1305285A/en
Application granted granted Critical
Publication of CN1232067C publication Critical patent/CN1232067C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Abstract

a data encryption, transmission and exchange method based on the self-cycle balance state by one-for-one encryption and its soft-enclosed management are disclosed. It is denpendent on that the encryption-decryption funotions between manager and user controllers contains different random parameters for each operation, so creating a dynamic balance state of self-cycle encryption protection between data transmission and exchange relations in one-for-one condition. When external intrusion occurs, the balance is destroyed to automatically isolat the data encryption, transmission and exchange relation between manager and user controller, resulting in a soft-enclosed protection system of data.

Description

The method and the soft-closed management system of data encryption transmission exchange under the one-time pad self-loopa equilibrium state
The present invention relates to a kind of method and closed management system that data is carried out the encrypted transmission exchange.
Shannon (Shannon) has proved the cryptographic system of one-time pad in theory owing to encrypt to be each time at random, makes cryptanalysis person to go to infer next time enciphered message according to previous enciphered message, thereby is unbreakable.But to use this theory in practice, then need solve serial thorny problems such as instantaneity that each decryption key transmits and fail safe, thereby not have also so far comprehensively that the extensive practicability commercial system of this encryption theory of employing appears on the market.
So-called soft-closed management system, be meant that each unit of internal system is under the situation that on the hardware is open (can be communicated with arbitrarily by the external world) to external world, by currency data in the system being taked the supple-management mode block and extraneous information interchange, then can freely carry out the transmission exchange of data between each unit of internal system.
The example of a kind of supple-management formula system is the condition rating encrypting and deciphering system of TV station, be the realization condition rating, TV station as administrative center broadcasts with cipher mode TV programme, and the user only obtains decryption key and utilizes corresponding decipher just can watch normal TV programme from TV station satisfying under the certain condition (as the back of paying dues).Do not get rid of and have some tissues or individual and obtained by all channels and be connected with another part user's decipher in some way privately again behind the core decryption key of ciphered program and authorize, make a part of user escape rating and the toll administration of TV station it to it.This kind outside invasion back of coming in is initiatively carried out the illegal act of authorization of data additional modifications to system by administrative unit, and this supple-management mode is both not had directly to discover means and also do not have directly effectively protective approach technically.
The example of another kind supple-management formula system is the record acquisition system of data, the centre data gatherer is all registered the data logger of disperseing each point, and machine is by the common data transmission network or otherwise the data of scrambled record in the data register are read collection in due course.Do not get rid of and have such situation generation, i.e. imitative centre data gatherer of having stolen after data logger log-on message and the enciphered message, active is connected with the register of each collection point and steals the data that read its record, and the data acquisition right that the system investor of making should enjoy is separately encroached on.This extraneous initiatively is communicated with the behavior of being plagiarized data by administrative unit, and this supple-management mode is both not had directly to discover means and also do not have directly effectively protective approach equally technically.
Another soft centralized management formula system example is computer software online registration mandate guard method (other software anti-theft guard method is generally lower with respect to the method protection level) post sales: the user must be installed on it on a certain computer earlier after buying certain software, after linking to each other and register by the Internet and software marketing manufacturer are online again, just can obtain the only use authority on this TV station computer of this software; But this does not get rid of the still available various methodologies of this user and remove the restriction that this software can only use on this TV station loom, and remove to use software data after the restriction externally to export to other people this and use or carry out piracy sale with this and seek profit.This initiatively is in communication with the outside by administrative unit and the outwards unlawful practice of dateout, and this supple-management mode is both not had directly to discover means and also do not have directly effectively protective approach technically equally.
Supple-management formula system does not in sum have the technological means after initiatively finding self to be invaded by external system, do not have automatically effective baffle system inside yet and kept the reliable way of exchanges data relation privately with the external world, so all can't become a kind of proper soft-closed management system by administrative unit.The implementation method of above-mentioned various supple-managements is simultaneously generally all designed at the course of work of concrete system, so all can not rise to the cross-platform management implementation of the unification with general pervasive meaning.
Purpose of the present invention is exactly to utilize the single exclusiveness of random signal and the characteristics of unpredictability; be introduced into the manager of system of the present invention and user among the data encrypting and deciphering transforming function transformation function of digital verification between the control device and bidirectional data transfers exchange; forming one is the dynamic equilibrium of the self-loopa data encryption transmission of condition with the one-time pad; keep the periodic duty process of this equilibrium state; just set up a kind of working system with soft-closed management system of pervasive meaning; and an above-mentioned all kinds of difficult problem is solved comprehensively, in numerous type real systems, applied with the most direct complete form at the encryption protecting method of objectively also having facilitated this highest level in theory of one-time pad simultaneously.
Fig. 1 is that a kind of soft-closed management system of the present invention is formed structure chart
Fig. 2 is the manager operation principle block diagram among Fig. 1
Fig. 3 is that user among Fig. 1 is from control device operation principle block diagram
Below in conjunction with Fig. 1--Fig. 3 is described further the principle of the invention.
By the system shown in Figure 1 structure, manager [A] is the data centralization administrative center of whole system, be connected from control device [B] with a plurality of users by the bidirectional data transfers channel, and with log-on message and other the agreement verification msg information of each user under the stored record from control device [B], the user from control device [B] also with the agreement verification msg information of stored record correspondence; The relevant data that utilizes these both sides to prestore, engagement arithmetic rule and the proving program of following a cover will mark off internal system element and outside regulatory boundary, and set up a kind of soft-closed centralized management system that has principal and subordinate's managerial structure each other thus.
The structure that it should be noted that native system can also have various distortion: when (1) had only a user from control device [B] when system configuration, native system just developed into point-to-point closed data exchange system; (2) if the functional structure feature that allows each unit both have manager [A] also has the functional structure feature of user from control device [B] simultaneously, promptly two master-slave mode managerial structures of system of the present invention are carried out reverse each other compoundly, then native system will develop into symmetrical expression managerial structure system.
Operation principle by manager shown in Figure 2 [A] is: after manager [A] was communicated with from control device [B] by bidirectional data transfers channel and user, data collector [A3] receives sequence code L that the user transmits from control device [B] and digital verification data earlier, and (a kind of digital verification data in user's generation from control device [B] were: Z1=a R, wherein R is a random number, a is the number of making an appointment.), separation through data extractor [A4], the digital verification data are sent checking computing comparator [A2], sequence code L data are sent user data librarian [A1], after the agreement verification msg of control device [B], send checking computing comparator [A2] in order to access this user who is pre-stored in this again, and thus in checking computing comparator [A2] with the digital verification data that before directly pass to carry out early stage the digital verification computing a kind of method of digital verification computing is: the first step--the user data librarian [A1] from manager [A] accesses agreement checking number a, b calculates Z2=(Z1) b=a BRAnd Z3=a r, wherein r also is one and produces number at random, Z1 is transmitted from control device [B] by the user, and the calculated value of Z2, Z3 is returned to the user from controlling device [B] again by data collector [A3]; Second step--also from local data memory [B1], access the agreement checking number b that prestores at the checking computing comparator [B2] of user from control device [B], calculate Z4=(Z1) b=a BRAnd Z5=(Z3) b=a Br, with Z4 relatively with the Z2 that transmits, if Z4=Z2 illustrates that then manager [A] is qualified, then pass Z5 back manager [A] by user data transceiver [B3], and wait for the further instruction of manager [A]; The 3rd step--checking computing comparator [A2] calculates Z6=(Z3) again in manager [A] b=a Br, Z6 and the Z5 that passes back are compared, if Z6=Z5 illustrates that then the user also is qualified from control device [B], and this result is conveyed the user from control device [B] by corresponding instruction, enter further work to control it; So far manager [A] and user have just been finished from the mutual digital verification work in early stage between the control device [B].The functional relation that it should be noted that above-mentioned digital verification also can adopt other form, even can be reduced to directly relatively verifying of the employing pre-poke of both sides.; If the mutual digital verification computing in this early stage be able to by, then manager [A] and user will enter the transfer of data exchange course of work together from control device [B]: 1) manager [A] encrypted transmission datamation
Manager data X to be passed is input to scrambled device [A7], will be by substitution artificial selected and manager data encryption function formula of extracting from encrypting and decrypting function exam pool manager [A8] at this:
X Close=F i(L, S, X)
Wherein X--is a manager data to be passed; (X ∈ set of real numbers)
X Close--be encrypted manager data; (the close ∈ set of real numbers of X)
F i--be the manager data encryption function, i is its code;
L--is the sequence code of user from control device [B]; (L ∈ set of real numbers)
The scrambling parameter of S--for existing with the random number form is referred to as at random
Sign indicating number.(S ∈ set of real numbers)
After carrying out compose operation with this relational expression, manager data X to be passed will be generated encrypted manager data X by positive-going transition Close, and by data collector [A3] and bidirectional data transfers channel send to the user from the control device [B].2) manager [A] receives the decryption work after the enciphered data
Transmit the encrypt user data Y of user by the bidirectional data transfers channel from control device [B] Close, receive through data collector [A3], and pass to unscrambling decoding device [A5] after data extractor [A4] separation.Unscrambling decoding device [A5] will be by extracting corresponding user data decryption function formula from encrypting and decrypting function exam pool manager [A8]:
Y=d j(L, S, Y Close)
Wherein Y--is a user data; (Y ∈ set of real numbers)
Y Close--encrypted user data; (Y CloseThe ∈ set of real numbers)
d j--be the corresponding user data decryption function, j is its code.
After carrying out compose operation with this relational expression, encrypt user data Y CloseTo be reduced to user data Y by the inverse transformation deciphering, and give relevant device and handle.
It should be noted that: in the early stage of carrying out the encrypted transmission swap data, (T ∈ set of real numbers also can directly adopt the random code S that prestores to take on generally can also to pass the pre-approximate number T that goes both sides to make an appointment from control device [B] to manager [A] encryption earlier by the user.), manager [A] is counted this encrypted session and is sent in the checking computing comparator [A2] after T (or the random code S that prestores) deciphers by unscrambling decoding device [A5], and compare with the pre-approximate number T (or the random code S that retains) that self retains that from user data librarian [A1], takes out, if the two is identical, then the pre-approximate number T that prestores in the user data librarian [A1] is also encrypted and send the user to and from control device [B] and user rs authentication computing comparator [B2] thereof, carry out same comparatively validate, if the two is still identical, just can proceed ensuing mutual transfer of data exchange work; Otherwise if the two difference, then stop next step work and alarmed; Before formal transfer of data exchange beginning, finish further checking in this way, reach at more proper data security protecting to mutual closure.
In the work of above-mentioned data encryption transmission exchange is carried out: pseudo-noise code generator [A6] also in due course machine produce a new random code S ' verification msg after the new change (as a of digital verification msg or b etc., but generally be not all to change after each the connection from control device [B] with the user at manager [A] with other.) be transformed into enciphered data by scrambled device [A7] after, again by data collector [A3] and bidirectional data transfers channel transfer to the user from control device [B]; To compare this reception and the new random code S ' that decrypts with the existing random code S that uses that just working at the XOR comparator [B6] of user from control device [B], if the two difference is then encrypted this new random code S ' again and sent back manager [A]; The new random code S ' that manager [A] then sends back this encryption delivers to comparator [A9] after deciphering by unscrambling decoding device [A5], compare with the new random code S ' that before produced and resided in this at this, if the two is identical, illustrate that then the new random code S ' that the user receives from control device [B] is accurately, therefore this new random code S ' is deposited in the user data librarian [A1] corresponding to the storage space that prestores of this user from the sequence code L of control device [B], meanwhile manager [A] also will send instruction from control device [B] to the user, allow the user also synchronously the new random code S ' that has received is deposited into the storage space that prestores of subscriber's local data storage [B1] from control device [B], (can be chosen to be one of following condition this opportunity: 1. each manager [A] and user carry out in exchanges data finishes from control device [B] machine in due course; 2. manager [A] and user from control device [B] in just be communicated with next time; 3. other are artificial from imposing a condition etc.) both sides will be more synchronously with new random code S ' replace replacement existing separately work random code S; If relatively these two new random codes are unequal in comparator [A9], then will produce a signal and remove to trigger the random code S that pseudo-noise code generator [A6] produces a renewal again again "; and repeat the above-mentioned course of work once more, until in several, finishing above-mentioned work; If can't finish above-mentioned work all the time, manager [A] will stop this process, and be alarmed.So far just finished manager [A] with the user from the transfer of data exchange work overall process of control device [B] after once being communicated with.
It should be noted that: if 1. both sides finish prestoring of new random code S ', but when also not finishing the replacing it of random code S, situations such as exchanges data accidental interruption (as unexpected power down or go offline etc.) take place suddenly, then new random code S ' will continue to remain in the position that prestores, and in recovering this, have no progeny or both sides when being communicated with once more, the new random code S ' that at first these both sides is retained is carried out homogeny judge, just can carry out follow-up work when having only the two identical, otherwise will be alarmed; 2. the course of work of the replacement of digital verification data (a, b etc.) and pre-approximate number T renewal and storage is also similar with the above-mentioned course of work, does not relatively differentiate but do not need that generally data are carried out XOR.
By user shown in Figure 3 from the operation principle of controlling device [B] be: after manager [A] passed through the bidirectional data transfers channel-connectivity with the user from control device [B], user rs authentication computing comparator [B2] produced a checking number (as: Z1=a with elder generation R) also send manager [A] to by user data transceiver [B3] and bidirectional data transfers passage together in company with the sequence code L that from subscriber's local data storage [B1], extracts, begin matching management device [A] thus and carry out aforesaid digital verification process.If checking is passed through smoothly, the exchange process that then will enter the data encryption transmission and receive: 1) user is from control device [B] encrypted transmission datamation
User data Y to be passed, the agreement ciphering user data function formula that by user encryption encoder [B7] time, will from subscriber's local data storage [B1], be extracted by substitution:
Y Close=D j(L, S, Y)
D wherein j--be the ciphering user data function of agreement, j is its code, separates with user data
Close function d jBecome the inverse transformation relation each other.
After carrying out compose operation with this relational expression, user data Y to be passed will be generated encrypted user data Y by positive-going transition Close, and pass through user data transceiver [B3] and send manager [A] to by the bidirectional data transfers channel.2) user is from controlling the decryption work after device [B] receives enciphered data
The encryption manager data X that manager [A] transmits by the bidirectional data transfers channel Close, after user data transceiver [B3] receives, send user's unscrambling decoding device [B4], and with the corresponding manager data decryption function formula that from subscriber's local data storage [B1], extracts:
X=f i(L, S, X Close)
F wherein i--be the manager data decryption function of correspondence, i is its code, with the manager number
According to encryption function F iBecome the inverse transformation relation each other.
After carrying out compose operation with this relational expression, encryption manager data X CloseTo be reduced to manager data X by inverse transformation deciphering, and through data extractor [B5] undertaken by all types of data from after, offer corresponding use equipment or parts respectively and use.
It should be noted that: 1. both sides' data encryption function also can be reduced to F i(S, X), D jForms such as (S, X), its corresponding data decryption function also can be reduced to f i(S, X Close), d j(S, Y Close) etc. form; If 2. F i=D j, f i=d j, system then of the present invention is referred to as symmetrical expression bidirectional encipher transmission system, otherwise then is called asymmetric bidirectional encipher transmission system.
In the course of work of above-mentioned enciphered data exchange, the user also will receive manager [A] from control device [B] and encrypt the new random code S ' that transmits, and give XOR comparator [B6] after the separating of deciphering by user's unscrambling decoding device [B4] and data extractor [B5]; In XOR comparator [B6], will compare this new random code S ' that transmits with the existing random code S that uses that just working,, then will enter aforementioned both sides' the synchronous pre-stored course of work of new random code S ' as if the two difference; If the two is identical, then XOR comparator [B6] will add a small increment Delta δ to this new random code S ', be about to S ' and become S '+Δ δ, send back to centre manager [A] with same cipher mode again, make comparator [A8] unequal when the new random code S ' of retention compares in advance itself and self, thereby trigger pseudo-random generator [A6] and produce the random code S of a renewal more again ", relatively confirm the course of work so begin one again with above-mentioned same random code; If through the several repetitive cycling, still can not determine down new random code, then stop periodic duty, and send information to manager [A] and user from control device [B], manager [A] also will stop from the enclosed exchanges data relation of control device [B] automatically with the user simultaneously.
Description from control device [B] course of work is as can be seen from above-mentioned manager [A] and user in a word: because after the two is communicated with and finishes exchanges data at every turn, a parameter random code S parameter that must be related to when next time being communicated with among the data encrypting and deciphering function of transfer of data exchange changes, thereby whether working properly the preceding exchanges data that once is communicated with is, to be related to next time and be communicated with and normally to carry out, so the equilibrium state of the one-time pad self-loopa encipherment protection that normal data exchange is a precondition before just having formed; In case have the internal system unit and the external world that illegal act generations such as exchanges data are arranged; the random code S parameter that manager [A] and user will be retained mutually from control device [B] misplace (the two is unequal from the random code S of controlling device [B] retention promptly to cause random code S that manager [A] retains and user); this dynamic equilibrium that the two self-loopa is encrypted is broken; manager [A] exchanges in the data that next can't carry out under the encryption condition again from control device [B] mutually with the user; just provide direct caution and discovery means when one the invaded back of system and the subscriber unit behavior of initiatively crossing the border managed take place under multiple situation such as aforementioned thus, also provided a kind of direct safeguard measure of stealing of can effectively anti-automatically data after intrusion behavior takes place being continued simultaneously.
Two particular job procedure declarations: 1, particular encryption data access course of work explanation
In order to give full play to the high confidential nature of native system, receive encryption manager data X from control device [B] the user to data CloseAfter, can be to a part of particular encryption data earlier without user's unscrambling decoding device [B4] deciphering output, but it directly inputs to particular encryption data storage [B9] and stores by particular encryption data identification controller [B8] identification back control, simultaneously also the data decryption function f i and the random code S that worked at that time of this enciphered data under the stored record together WhenJust when need of work, just by input " specific enabled instruction " to particular encryption data identification controller [B8], and under its control, from particular encryption data storage [B9], only read and support those required a part of particular encryption data of current operate as normal and export to user's unscrambling decoding device [B4] (wherein one the tunnel is manager enciphered data X Close, another road is that the data decryption function f i of this enciphered data and the random code S that worked at that time work as), by exporting the work at present of going to support a certain program after its deciphering again.Thisly enciphered data is not all deciphered output; and, just can make the user whole use, obtain anti-copy, anti-piracy protection under the soft-closed encryption handling condition all the time from the data download controlling device [B] and obtain (as software data etc.) just with worked the at that time working method of needed those a part of data of real-time support pattern output.That 2, encrypts equilibrium state initially sets up course of work explanation
For the user from control device [B] be communicated with first with manager [A] or break down after need the situation of connection again, the initial transition course of work that never equilibrates to balance that establishes of equilibrium state is encrypted in its self-loopa, the method of finishing this process is: by from the checking computing comparator [B2] of controlling device [B] a registration switch K who is subjected to other physical action could control its conversion being set the user, when it pushes " registration " position, cover initialization accreditation process by agreement, synchronously import initial digital verification data from control device [B] and manager [A] respectively to the user, data such as random code S, and make it just to set out the static initial conditions of self-loopa encryption balance between the two with this in the corresponding pre-bit of storage; These static initial conditions are provided with work finish after, K switch must be dialled and get back to " return " position, also have only K switch when " return " position, the user from control device [B] just may and manager [A] between set up stable equilibrium's attitude of operate as normal, and finish corresponding transfer of data exchange work.
Manager of the present invention [A] and user are from the specific implementation method of control device [B], remove and to divide by the function of Fig. 2, Fig. 3 block diagram, outside realizing with the hardware mode of electronic circuit, can also on single-chip microcomputer or in the computer system, realize by the mode of coding software.

Claims (10)

1, a kind of based on the method for data encryption transmission exchange under the one-time pad self-loopa equilibrium state and the soft-closed management system of setting up thus, be that manager [A] and user are from the bidirectional data transfers exchange between the control device [B], after it is characterized in that manager [A] and user pass through the bidirectional data transfers channel-connectivity from control device [B] both sides, the user will pass to manager [A] from control device [B] and remove sequence code L, corresponding reservation poke word verification msg and random code S data be retrieved and be extracted to manager [A] will with these data in user data librarian [A1], overlap certain digital verification working procedure that both sides arrange according to one afterwards, utilize and verify in the manager [A] that computing comparator [A2] and the user rs authentication computing comparator [B2] of user from control device [B] carry out digital comparatively validate to mutually pre-retained data, if there is a side defective, then will stop mutual further transfer of data exchange, if verify random code S data substitution data encryption function F separately qualified then that will retain separately iAnd D j, the data decryption function f iAnd d jIn, finish the transmission exchange of both sides' data to be transferred under encipherment protection with the forward and reverse conversion between these functions; Also can allow the user from control device [B] the pre-approximate number T that self retains in advance be encrypted to pass to manager [A] earlier at the beginning of this encrypted transmission swap data goes, and allow manager [A] that the pre-approximate number T that self retains is in advance transmitted from control device [B] encryption to the user, and respectively the checking computing comparator [A2] and user rs authentication computing comparator [B2] in separately the retention pre-approximate number T whether identically compare, identical then qualified, just can carry out next formal data encryption transmission exchange work; In the process of encrypted transmission data, arrive the user behind control device [B] for a part of particular encryption transfer of data, by will directly storing in the particular encryption data storage [B9] after particular encryption data identification controller [B8] identification, only when need of work, just read out and satisfy at that time that part of need of work and be decrypted output for user's unscrambling decoding device [B4] with " specific enabled instruction " control to encrypt form; At manager [A] each time with after the user is communicated with work from control device [B], pseudo-noise code generator [A6] also will produce a new random code S ' and with other also taken place the agreement verification msg that changes together encrypted transmission to the user from control device [B], and the XOR comparator [B6] of user from control device [B] will compare this new random code S ' with the random code S the existing work use, if the two is identical, then will send out and remove to regenerate again a renewal random code S to manager [A] " instruction of passing back; next will repeat above-mentioned relatively deterministic process once more; still defective after repeating for several times; as then will to stop this process; and send warning information to manager [A] and user from control device [B] respectively; if the two difference, then the user sends out to manager [A] from control device [B] and goes new random code S ' to receive and verify qualified affirmation information, and after manager [A] receives this confirmation, will new random code S ' and with other also new conversion the agreement verification msg deposit in together in the buffer memory of user data librarian [A1], and send instruction to the user from control device [B] in this work of prestoring in finishing and allow the new agreement verification msg that has changed of its new random code S ' that also will receive and other deposit in synchronously the buffer memory of subscriber's local data storage [B1], the machine both sides replace the new agreement verification msg that has changed of existing separately work random code S and other with new random code S ' more synchronously in due course, have so far just finished a manager [A] and user are communicated with transfer of data exchange work afterwards from control device [B] overall process.
2, according to according to the user data librarian [A1] in the described manager of claim 1 [A] and the user subscriber's local data storage [B1] from control device [B], it is characterized in that all retaining accordingly synchronously data that both sides make an appointment as: representative of consumer is from the sequence code L of control device [B] identifying information, random code S, the data encryption transforming function transformation function F that contains random code S parameter that all will change after each the connection iAnd D j, contain the data decryption transforming function transformation function f of random code S parameter iAnd d jAnd other relevant digital verification data etc.
3, according to transmitting commutative relation with the user from the data encryption of control device [B] according to the described manager of claim 1 [A], it is characterized in that relying on each never identical random code S parameter among data encryption function and the data decryption function, set up the self-loopa encipherment protection dynamic equilibrium between the bi-directional data encrypted transmission commutative relation under the one-time pad condition, thereby objectively maintaining out a kind of soft-closed exchanges data relation; In case native system is taken place by situations such as illegal invasions; then equilibrium state is with destroyed; enclosed data encryption transmission commutative relation also will be blocked automatically; as long as manager [A] links to each other from control device [B] once more with the user; will in time find this intrusion behavior and can take appropriate measures to remedy; simultaneously because the no longer establishment of data encryption transmission give-and-take conditions each other; also with regard to automatic stoped both sides because of continue that swap data makes that data are constantly stolen and destroy by the outside may, just be formed on thus under the situation that intrusion behavior taken place defencive function afterwards of data.
4, the process of setting up that equilibrium state is encrypted in described self-loopa according to claim 3, it is characterized in that by among control device [B], the K switch that is subjected to other physical action ability control transformation being set the user, when K puts " registration " position, the user is from control device [B] and the cover accreditation process of manager [A] by agreement, synchronously import data such as initial digital verification data, random code S respectively in the two corresponding bank bit, set out the static initial conditions that equilibrium state is encrypted in self-loopa between the two with this; And when only returning " return " position at K, the user from control device [B] just may and manager [A] between set up stable equilibrium's attitude of operate as normal, and finish corresponding transfer of data exchange work.
5, certain digital verification working procedure of arranging according to both sides described in the claim 1; it is characterized in that the pre-relevant data information of retaining from control device [B] by extract management device [A] and user; the two is communicated with afterwards promptly carries out each other the computing of residual in advance relatively by certain algorithmic rule and formula; judge the legitimacy of mutual identity with this, thereby just formed a prior protection function mutual data to be transferred.
6, manager according to claim 1 [A] and user carry out mutual closure checking from control device [B] with the comparison of pre-approximate number T at the beginning of the work of encrypted transmission swap data begins, it is characterized in that pre-approximate number T is the real number that both sides make an appointment and retain, the random code S that reserves in the time of also can utilizing last the connection serves as; If it is qualified that the pre-approximate number T that manager [A] transmits from control device [B] encryption the user verifies, prove that then the user externally is that sealing is good from control device [B], same user is qualified from control device [B] the pre-approximate number T checking that encryption is transmitted to manager [A], proves that then manager [A] externally is that sealing is good.
7, send new random code S ' from control device [B] to manager [A] according to the described user of claim 1 and receive and verify qualified affirmation information, a kind of feature of feeding back the method for this confirmation is that the user is beaming back this new random code S ' from control device [B] to qualified back the encryption again to manager [A] of new random code S ' checking, the new random code S ' that the new random code S ' that comparator [A9] in the manager [A] is then passed this back has retained with self compares, if the two is identical, just can carry out the stores synchronized work of next step both sides to new random code S '; Otherwise if the two difference, then comparator [A9] will be sent out to pseudo-noise code generator [A6] and go a triggering signal, make it produce a random code more again, and carry out once the above-mentioned course of work again, until repeating to reach qualified with interior for several times, otherwise this two transfer of data exchange existing problems are described, and send corresponding alarm prompt.
8, according to the described XOR comparator of claim 1 [B6]; the random code S that it is characterized in that being used for relatively differentiating and guarantee the new random code S ' that produces and existing work all the time anything but together; make manager [A] and user finish its data encryption afterwards and the data decryption function all will change being communicated with at every turn from control device [B]; thereby assurance one-time pad condition can be set up all the time, and forms the dynamic equilibrium system of a self-loopa encipherment protection under normal operation thus.
9, replace the opportunity of the random code S that now works according to the described new random code S ' of claim 1, its feature that replaces opportunity is to satisfy one of following condition: 1. each manager [A] and user finish in the exchanges data from control device [B]; 2. manager [A] and user from control device [B] in just be communicated with next time; 3. other are artificial from imposing a condition etc.; And before finishing new random code S ' and replacing the random code S work of now working, if situations such as transfer of data accidental interruption take place, new random code S ' will be retained in both sides' the buffer memory all the time, and in recovering this, have no progeny, the new random code S ' that at first these both sides is retained is carried out homogeny to be judged, have only under the two identical condition and just can carry out follow-up work, otherwise will be alarmed.
10, according to claim 1 described for a part of particular encryption data storage and read, also will be when it is characterized in that storing the particular encryption data the corresponding with it data decryption function f i and the random code S that worked at that time WhenCorresponding stored together; The time generally only read those a part of particular encryption data that support worked required at that time in deciphering and give user's unscrambling decoding device [B4], and this still with the same deciphering output of finishing these particular encryption data of decryption work process of general enciphered data.
CN 01107004 2001-01-03 2001-01-03 Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system Expired - Fee Related CN1232067C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 01107004 CN1232067C (en) 2001-01-03 2001-01-03 Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 01107004 CN1232067C (en) 2001-01-03 2001-01-03 Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system

Publications (2)

Publication Number Publication Date
CN1305285A true CN1305285A (en) 2001-07-25
CN1232067C CN1232067C (en) 2005-12-14

Family

ID=4655958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 01107004 Expired - Fee Related CN1232067C (en) 2001-01-03 2001-01-03 Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system

Country Status (1)

Country Link
CN (1) CN1232067C (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1808975B (en) * 2006-01-26 2010-09-08 黄涛 System and method of preventing network account from stolen
CN1753359B (en) * 2004-09-24 2011-01-19 华为技术有限公司 Method of implementing SyncML synchronous data transmission
CN102449632A (en) * 2009-05-29 2012-05-09 阿尔卡特朗讯公司 A method of efficient secure function evaluation using resettable tamper-resistant hardware tokens

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1753359B (en) * 2004-09-24 2011-01-19 华为技术有限公司 Method of implementing SyncML synchronous data transmission
US7996358B2 (en) 2004-09-24 2011-08-09 Huawei Technologies Co., Ltd. Method for transmitting syncML synchronization data
US8370296B2 (en) 2004-09-24 2013-02-05 Huawei Technologies Co., Ltd. Method for transmitting SyncML synchronization data
CN1808975B (en) * 2006-01-26 2010-09-08 黄涛 System and method of preventing network account from stolen
CN102449632A (en) * 2009-05-29 2012-05-09 阿尔卡特朗讯公司 A method of efficient secure function evaluation using resettable tamper-resistant hardware tokens
CN102449632B (en) * 2009-05-29 2014-12-31 阿尔卡特朗讯公司 A method of efficient secure function evaluation using resettable tamper-resistant hardware tokens

Also Published As

Publication number Publication date
CN1232067C (en) 2005-12-14

Similar Documents

Publication Publication Date Title
EP0809379B1 (en) Authentication apparatus according to the challenge-response principle
CN100592683C (en) Protected return path from digital rights management dongle
JP5563067B2 (en) Method for authenticating access to secured chip by test equipment
JP2552061B2 (en) Method and apparatus for preventing network security policy violation in public key cryptosystem
US6907127B1 (en) Hierarchical key management encoding and decoding
US7757085B2 (en) Method and apparatus for encrypting data transmitted over a serial link
US10201967B2 (en) System and method for securing a device with a dynamically encrypted password
CN106534092A (en) Message-based and key-dependent privacy data encryption method
JPH05344117A (en) Opposite party certifying/ciphered key distributing system
JPS61501484A (en) Method and apparatus for protecting stored and transmitted data from danger or eavesdropping
US20020049904A1 (en) Access system with possibility of learing unknown access keys
US20110085663A1 (en) Method for the access-related or communication-related random encryption and decryption of data
CN101938353B (en) Method for remotely resetting personal identification number (PIN) of key device
EP0843439B1 (en) Data encryption technique
US20110271104A9 (en) Security device and building block functions
CN1808975B (en) System and method of preventing network account from stolen
CN100431297C (en) Method for preventing user's pin from illegal use by double verification protocol
JP2003084853A (en) Method and system for preventing copy of programmable gate array
CN1232067C (en) Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system
KR100957566B1 (en) Method and apparatus for double encryption of data
CN112559979B (en) Method for protecting software library authorized use on POS machine through hardware security chip
CN102236754B (en) Data security method and electronic device using same
CN109981612B (en) Method and system for preventing cipher machine equipment from being illegally copied and cipher machine equipment
JPH02244926A (en) Method and device for secret data base communication
CN117527209A (en) Cryptographic machine trusted starting method and device, cryptographic machine and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20051214

Termination date: 20180103