CN111756541A - Method, server, terminal and system for transmitting secret key - Google Patents
- Publication number
- CN111756541A, CN201910231042.9A
- Authority
- CN
- China
- Prior art keywords
- sequence
- response
- challenge
- random number
- auxiliary data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0056—Systems characterized by the type of code used
- H04L1/0057—Block codes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0056—Systems characterized by the type of code used
- H04L1/0061—Error detection codes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention provides a method, a server, a terminal and a system for transmitting a secret key. Applied to the server side, the method comprises the following steps: acquiring a response sequence in a challenge-response pair; acquiring a random number sequence; encrypting the response sequence according to the random number sequence to obtain auxiliary data; transmitting the challenge sequence in the challenge-response pair and the auxiliary data. Applied to the terminal, the method comprises the following steps: receiving the challenge sequence in the challenge-response pair and the auxiliary data sent by the server side; generating a generated response sequence according to the challenge sequence through a non-duplicable functional chip (PUF chip); and recovering the auxiliary data according to the generated response sequence to obtain the random number sequence in the auxiliary data and the response sequence in the challenge-response pair. With this transmission method, the PUF chip used in key transmission has higher availability under different usage environments.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, a server, a terminal, and a system for transmitting a key.
Background
A non-duplicable functional chip (physically unclonable function chip, PUF chip) is a function mapping relationship realized by physical analog signals. The PUF chip is influenced by the external environment, such as temperature, mechanical stress and even cosmic rays; moreover, the functional relationship changes over time as the devices in the chip age. As a result, the challenge-response pair (CR pair) generated by the PUF chip in use differs somewhat from the CR pair registered on a data platform or a server. These differences are usually small, but they are unacceptable when the PUF chip is used for authentication and encryption. Authentication and encryption/decryption are performed as purely digital operations, and digital keys exhibit an avalanche effect: a tiny difference can completely change the authentication or encryption result. Therefore, because the mapping characteristics of the PUF chip function change slightly, the chip cannot be used without error correction.
Disclosure of Invention
Embodiments of the present invention provide a method, a server, a terminal, and a system for transmitting a secret key, so that a certain error can be allowed between a digitized CR pair generated by a PUF chip and a CR pair registered on the server in different usage environments, and the PUF chip can be used in different environments.
In order to achieve the above object, in one aspect, an embodiment of the present invention provides a method for transmitting a key, which is applied to a server, where the method includes:
acquiring a response sequence in a challenge-response pair;
acquiring a random number sequence;
encrypting the response sequence according to the random number sequence to obtain auxiliary data;
transmitting the challenge sequence and the assistance data in the challenge-response pair.
In another aspect, an embodiment of the present invention provides a method for transmitting a key, which is applied to a terminal, and the method includes:
receiving a challenge sequence and auxiliary data in a challenge response pair sent by a server side;
generating a generated response sequence according to the challenge sequence through a non-duplicable functional chip;
and recovering the auxiliary data according to the generated response sequence to obtain a random number sequence in the auxiliary data and a response sequence in the challenge response pair.
In another aspect, an embodiment of the present invention provides a server for transmitting a key, where the server includes:
a response sequence acquisition unit, configured to acquire a response sequence in the challenge-response pair;
a random number sequence acquisition unit for acquiring a random number sequence;
the data encryption unit encrypts the response sequence according to the random number sequence to obtain auxiliary data;
and an information sending unit, configured to send the challenge sequence and the auxiliary data in the challenge-response pair.
In another aspect, an embodiment of the present invention provides a terminal for transmitting a key, where the terminal includes:
the information receiving unit is used for receiving the challenge sequence and the auxiliary data in the challenge response pair sent by the server side;
a generated response sequence generating unit which generates a generated response sequence according to the challenge sequence through a non-duplicable functional chip;
and the data recovery unit recovers the auxiliary data according to the generated response sequence to obtain a random number sequence in the auxiliary data and a response sequence in the challenge response pair.
In another aspect, an embodiment of the present invention provides a system for transmitting a key, where the system includes the server for transmitting a key and the terminal for transmitting a key.
The technical scheme has the following beneficial effects: by encrypting the response sequence in the challenge-response pair with the random number sequence, the invention allows a certain error between the digitized CR pair generated by the PUF chip in its usage environment and the CR pair registered on the server, so that the PUF chip can be used in different environments.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a method of transferring a key according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method of transferring a key according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a server for transmitting a secret key according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a data encryption unit according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a terminal for transmitting a secret key according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a data recovery unit according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a method for transmitting a key according to an embodiment of the present invention, where the method is applied to a server, and the method includes:
S101, acquiring a response sequence in a challenge-response pair;
S102, acquiring a random number sequence;
S103, encrypting the response sequence according to the random number sequence to obtain auxiliary data;
S104, sending the challenge sequence in the challenge-response pair and the auxiliary data.
Preferably, the encrypting the response sequence according to the random number sequence to obtain the auxiliary data includes:
coding the random number sequence by an error checking and correcting coding method to obtain a random number sequence with a check code;
and carrying out one-time pad encryption on the response sequence by utilizing the random number sequence with the check code to obtain auxiliary data.
Preferably, the error checking and correcting coding method is a binary linear code BCH error correction coding method or a low density parity check code LDPC code coding method.
At the server side, the response sequence R in the registered challenge-response pair (CR pair) is taken as follows:
Take a random number sequence RNG and encode it by an error checking and correcting (ECC) coding method. Depending on the code length, the ECC encoding may be a BCH error correction code obtained by the binary linear code BCH coding method, or an LDPC code obtained by the low density parity check code LDPC coding method. The challenge-response sequences produced by a PUF are generally short, so BCH coding is sufficient. Because the RNG sequence has good randomness and the random number quality is high, the random number is in effect a high-quality key. The code length of the RNG can be equal to the code length of the response sequence R, and the auxiliary data (HelpData) is in effect a one-time pad encryption of the registered response sequence by the RNG, which according to Shannon's theorem is theoretically absolutely indecipherable if the RNG key is not obtained. Note that on the server side, the registered CR pairs and RNG sequences must be guaranteed not to be stolen by third parties, which is a significant security requirement.
When a server serves as a request party to initiate a communication measurement request to a terminal PUF, a challenge sequence C and corresponding HelpData in a CR pair need to be sent in a challenge response mode.
As shown in fig. 2, which is a flowchart of a method for transmitting a key according to an embodiment of the present invention, applied to a terminal, the method includes:
S201, receiving a challenge sequence and auxiliary data in a challenge-response pair sent by a server;
S202, generating a generated response sequence according to the challenge sequence through a non-duplicable functional chip;
S203, recovering the auxiliary data according to the generated response sequence to obtain a random number sequence in the auxiliary data and a response sequence in the challenge-response pair.
Preferably, the recovering the auxiliary data according to the generated response sequence to obtain a response sequence in a challenge-response pair includes:
performing modulo-2 addition operation on the generated response sequence and the auxiliary data to obtain operated data;
decoding the calculated data through an error checking and correcting module to obtain a random number sequence and a random number sequence with a check code;
and performing modulo-2 addition operation on the random number sequence with the check code and the auxiliary data to obtain a response sequence in a challenge response pair.
After the PUF chip, as the responder, receives the challenge sequence C, it generates a new generated response sequence R'. Note that for a given CR pair registered on the server, the R' generated when C is re-input to the PUF chip is not exactly equal to R and may differ from it to a greater or lesser extent. At the PUF chip end, R' and R ⊕ (RNG | T) are added modulo 2.
Make it
If R' is very close to R, so that the difference (R' - R) is very small, the decoding function of the corresponding ECC in the PUF chip can decode (RNG | T) and thereby obtain RNG at the same time. (RNG | T) and HelpData are then added modulo 2 to obtain R, so that the terminal side of the PUF chip obtains a response sequence identical to the one registered on the server for the challenge sequence, even though the physically generated response R' at the PUF chip side differs somewhat from R. Either the RNG or the response sequence transmitted by this method can serve as the key.
The following two points are noted here:
① HelpData can be transmitted over an open channel. Although it is generated from RNG and R, it does not contain any information that can be exploited for third-party attacks, since it corresponds to the one-time pad cipher that Shannon proved to be theoretically absolutely indecipherable.
② The difference between R' and R cannot be too large, for two reasons. The first is the limit of the ECC error correction coding and decoding. The second is the limited code length of R: if the difference is too large, there is a high probability that one PUF chip collides with the CR characteristic of another PUF, which affects security.
The decoding process at the end of the PUF chip utilizes the characteristic that R' is approximately equal to R, so that the security of the system depends on the uniqueness and unpredictability of the PUF.
The PUF end thus obtains the same random number sequence RNG and response sequence R as the server side, and the key can be generated from RNG, from R, or from a combination of the two, as agreed between the server side and the PUF chip end.
This enables the server side and the PUF to have the same secret key for symmetric encryption/decryption or mutual authentication.
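The server-side steps S101 to S104 and the terminal-side recovery S201 to S203 can be traced end to end in the following added example, which is not code from the patent. It assumes a BCH(15,7) code decoded by syndrome lookup, a response split into 15-bit blocks, constructed sample values for R and R', and a hypothetical SHA-256 key derivation over RNG and R.

```python
import hashlib
import secrets

N, K = 15, 7        # BCH(15,7): 7 RNG bits + 8 check bits T, corrects up to 2 bit errors
GEN = 0b111010001   # generator polynomial g(x) = x^8 + x^7 + x^6 + x^4 + 1

def poly_mod(v):
    """Remainder of v(x) divided by g(x) over GF(2); this is the BCH syndrome."""
    for shift in range(v.bit_length() - 9, -1, -1):
        if v >> (shift + 8) & 1:
            v ^= GEN << shift
    return v

def bch_encode(rng_block):
    """Systematic encoding of a 7-bit RNG block into the 15-bit codeword (RNG | T)."""
    return (rng_block << 8) | poly_mod(rng_block << 8)

# Syndrome -> error pattern, for every error pattern of weight 0, 1 or 2.
SYNDROMES = {0: 0}
for i in range(N):
    for j in range(i, N):
        e = (1 << i) | (1 << j)          # i == j yields a single-bit error
        SYNDROMES[poly_mod(e)] = e

def bch_decode(word):
    """Return the nearest codeword (RNG | T), or None if the syndrome is unknown."""
    e = SYNDROMES.get(poly_mod(word))
    return None if e is None else word ^ e

def server_make_helper(r_blocks):
    """S101-S103: draw RNG, encode it, and compute HelpData = R xor (RNG | T)."""
    rng = [secrets.randbelow(1 << K) for _ in r_blocks]
    help_data = [r ^ bch_encode(k) for r, k in zip(r_blocks, rng)]
    return rng, help_data

def terminal_recover(r_prime_blocks, help_data):
    """S201-S203: recover (RNG, R) from the noisy PUF output R' and HelpData."""
    rng, r = [], []
    for rp, h in zip(r_prime_blocks, help_data):
        noisy = rp ^ h                   # (RNG | T) xor (R' xor R)
        codeword = bch_decode(noisy)     # ECC removes the (R' xor R) error
        if codeword is None:
            return None                  # R' is too far from the registered R
        rng.append(codeword >> 8)        # strip the check bits T
        r.append(codeword ^ h)           # (RNG | T) xor HelpData = R
    return rng, r

def derive_key(rng, r):
    """Hypothetical key agreement: hash RNG and R together (not in the patent)."""
    return hashlib.sha256(b"".join(x.to_bytes(2, "big") for x in rng + r)).digest()

def public_syndromes(help_data):
    """What any observer of HelpData can compute without knowing R or RNG."""
    return [poly_mod(h) for h in help_data]

# Constructed sample data: a registered 60-bit response R in four 15-bit blocks,
# and two re-measurements R' with at most 2 and with 3 flipped bits per block.
R_REGISTERED = [0x2B5D, 0x71C3, 0x0F0F, 0x5555]
R_NOISY = [r ^ e for r, e in zip(R_REGISTERED, [0x0101, 0x0400, 0x0000, 0x4002])]
R_TOO_NOISY = [r ^ e for r, e in zip(R_REGISTERED, [0x0111, 0x0000, 0x0000, 0x0000])]

if __name__ == "__main__":
    rng, help_data = server_make_helper(R_REGISTERED)
    recovered = terminal_recover(R_NOISY, help_data)
    print("recovered matches server:", recovered == (rng, R_REGISTERED))
    print("keys agree:", derive_key(*recovered) == derive_key(rng, R_REGISTERED))
    print("3-bit error recovers R:",
          terminal_recover(R_TOO_NOISY, help_data) == (rng, R_REGISTERED))
    print("syndrome of R visible in HelpData:",
          public_syndromes(help_data) == [poly_mod(r) for r in R_REGISTERED])
```

Because (RNG | T) is a codeword rather than a uniformly random pad, the syndrome of HelpData equals the syndrome of R, so the one-time-pad argument covers only the 7 RNG bits of each 15-bit block. With three flipped bits in a block the decoder either fails or returns a wrong codeword, which is the ECC limit described in point ②.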
Corresponding to the above-mentioned embodiment of the method for transmitting a key applied to the server side, as shown in fig. 3, a schematic structural diagram of a server for transmitting a key according to an embodiment of the present invention is shown, where the server includes:
a response sequence acquiring unit 11, configured to acquire a response sequence in the challenge-response pair;
a random number sequence acquisition unit 12 for acquiring a random number sequence;
a data encryption unit 13 for encrypting the response sequence according to the random number sequence to obtain auxiliary data;
an information sending unit 14, configured to send the challenge sequence in the challenge-response pair and the auxiliary data.
Preferably, as shown in fig. 4, which is a schematic structural diagram of a data encryption unit according to an embodiment of the present invention, the data encryption unit 13 includes:
the encoding module 131 is configured to encode the random number sequence by an error checking and correcting encoding method to obtain a random number sequence with a check code;
the encryption module 132 performs one-time pad encryption on the response sequence by using the random number sequence with the check code to obtain the auxiliary data.
Corresponding to the above-mentioned embodiment of a method for transmitting a key applied to a terminal, as shown in fig. 5, a schematic structural diagram of a terminal for transmitting a key according to an embodiment of the present invention is shown, where the terminal includes:
an information receiving unit 21, configured to receive the challenge sequence and the auxiliary data in the challenge-response pair;
a generated response sequence generating unit 22 that generates a generated response sequence from the challenge sequence by using a non-duplicable functional chip;
and the data recovery unit 23 recovers the auxiliary data according to the generated response sequence to obtain a random number sequence in the auxiliary data and a response sequence in the challenge-response pair.
Preferably, as shown in fig. 6, which is a schematic structural diagram of a data recovery unit according to an embodiment of the present invention, the data recovery unit 23 includes:
a first operation module 231, configured to perform modulo-2 addition operation on the generated response sequence and the auxiliary data to obtain operated data;
a decoding module 232, configured to decode the calculated data through the error checking and correcting module to obtain a random number sequence and a random number sequence with a check code;
and a second operation module 233, configured to perform modulo-2 addition operation on the random number sequence with the check code and the auxiliary data to obtain a response sequence in a challenge-response pair.
It should be understood that the specific order or hierarchy of steps in the processes disclosed is an example of exemplary approaches. Based upon design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not intended to be limited to the specific order or hierarchy presented.
In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the following claims reflect, invention lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim. Furthermore, any use of the term "or" in the specification of the claims is intended to mean a "non-exclusive or".
Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate the interchangeability of hardware and software, various illustrative components, elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
The various illustrative logical blocks, or elements, described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be located in a user terminal. In the alternative, the processor and the storage medium may reside in different components in a user terminal.
In one or more exemplary designs, the functions described above in connection with the embodiments of the invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media that facilitate transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, such computer-readable media can include, but is not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store program code in the form of instructions or data structures and which can be read by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Additionally, any connection is properly termed a computer-readable medium, and, thus, is included if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wirelessly, e.g., infrared, radio, and microwave. Such discs (disk) and disks (disc) include compact disks, laser disks, optical disks, DVDs, floppy disks and blu-ray disks where disks usually reproduce data magnetically, while disks usually reproduce data optically with lasers. Combinations of the above may also be included in the computer-readable medium.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. A method for transmitting a key, applied to a server, the method comprising:
acquiring a response sequence in a challenge-response pair;
acquiring a random number sequence;
encrypting the response sequence according to the random number sequence to obtain auxiliary data;
transmitting the challenge sequence and the assistance data in the challenge-response pair.
2. A method for transmitting a key according to claim 1, wherein said encrypting the response sequence based on the random number sequence to obtain the auxiliary data comprises:
coding the random number sequence by an error checking and correcting coding method to obtain a random number sequence with a check code;
and carrying out one-time pad encryption on the response sequence by utilizing the random number sequence with the check code to obtain auxiliary data.
3. A method of transmitting a key according to claim 2, wherein the error checking and correcting coding method is a binary linear code BCH error correction coding method or a low density parity check code LDPC coding method.
4. A method for transmitting a key, applied to a terminal, the method comprising:
receiving a challenge sequence and auxiliary data in a challenge response pair sent by a server side;
generating a generated response sequence according to the challenge sequence through a non-duplicable functional chip;
and recovering the auxiliary data according to the generated response sequence to obtain a random number sequence in the auxiliary data and a response sequence in the challenge response pair.
5. The method of claim 4, wherein recovering the auxiliary data from the generated response sequence to obtain a response sequence in a challenge-response pair comprises:
performing modulo-2 addition operation on the generated response sequence and the auxiliary data to obtain operated data;
decoding the calculated data through an error checking and correcting module to obtain a random number sequence with a check code and a random number sequence;
and performing modulo-2 addition operation on the random number sequence with the check code and the auxiliary data to obtain a response sequence in a challenge response pair.
6. A server for transmitting a key, the server comprising:
a response sequence acquisition unit, configured to acquire a response sequence in the challenge-response pair;
a random number sequence acquisition unit for acquiring a random number sequence;
a data encryption unit, configured to encrypt the response sequence according to the random number sequence to obtain auxiliary data;
and an information sending unit, configured to send the challenge sequence and the auxiliary data in the challenge-response pair.
7. The server for transmitting a key according to claim 6, wherein the data encryption unit comprises:
the coding module is used for coding the random number sequence by an error checking and correcting coding method to obtain the random number sequence with a check code;
and the encryption module is used for carrying out one-time pad encryption on the response sequence by utilizing the random number sequence with the check code to obtain auxiliary data.
8. A terminal for transmitting a key, the terminal comprising:
the information receiving unit is used for receiving the challenge sequence and the auxiliary data in the challenge response pair sent by the server side;
a generated response sequence generating unit which generates a generated response sequence according to the challenge sequence through a non-duplicable functional chip;
and the data recovery unit recovers the auxiliary data according to the generated response sequence to obtain a random number sequence in the auxiliary data and a response sequence in the challenge response pair.
9. The terminal for transmitting the key according to claim 8, wherein the data recovery unit comprises:
the first operation module is used for performing modulo-2 addition operation on the generated response sequence and the auxiliary data to obtain operated data;
the decoding module is used for decoding the operated data through the error checking and correcting module to obtain a random number sequence with a check code and a random number sequence;
and the second operation module is used for performing modulo-2 addition operation on the random number sequence with the check code and the auxiliary data to obtain a response sequence in the challenge response pair.
10. A system for transferring keys, characterized in that it comprises a server for transferring keys according to any one of claims 6 to 7 and a terminal for transferring keys according to any one of claims 8 to 9.
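The server-side encoding of claim 2 and the terminal-side recovery of claim 5, as an added example that is not part of the patent text. Hamming(7,4) stands in for the BCH or LDPC code named in claim 3, and the function names and the constructed 28-bit response are assumptions.

```python
import secrets

# Stand-in ECC: Hamming(7,4) corrects one flipped bit per 7-bit block.
# Claim 3 names BCH or LDPC; Hamming is swapped in to keep the example short.
def ecc_encode(bits):
    out = []
    for i in range(0, len(bits), 4):
        d1, d2, d3, d4 = bits[i:i + 4]
        out += [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]
    return out

def ecc_decode(code):  # returns (corrected codeword, decoded data bits)
    fixed, data = [], []
    for i in range(0, len(code), 7):
        b = code[i:i + 7]
        # Syndrome is the 1-based position of a single flipped bit, 0 if clean.
        s = ((b[0] ^ b[2] ^ b[4] ^ b[6])
             | (b[1] ^ b[2] ^ b[5] ^ b[6]) << 1
             | (b[3] ^ b[4] ^ b[5] ^ b[6]) << 2)
        if s:
            b[s - 1] ^= 1
        fixed += b
        data += [b[2], b[4], b[5], b[6]]
    return fixed, data

def xor(a, b):  # modulo-2 addition, bit by bit
    return [x ^ y for x, y in zip(a, b)]

def server_make_helper(response, rand_bits):
    # Claim 2: encode the random sequence, then one-time-pad the response.
    return xor(response, ecc_encode(rand_bits))

def terminal_recover(generated_response, helper):
    # Claim 5: XOR with helper, decode, XOR the codeword with helper again.
    codeword, rand_bits = ecc_decode(xor(generated_response, helper))
    return rand_bits, xor(codeword, helper)

def demo(flip_positions):
    """True if the terminal recovers both sequences despite the given bit flips."""
    response = [secrets.randbelow(2) for _ in range(28)]   # constructed sample
    rand_bits = [secrets.randbelow(2) for _ in range(16)]
    helper = server_make_helper(response, rand_bits)
    regenerated = list(response)
    for p in flip_positions:   # model noise in the chip's regenerated response
        regenerated[p] ^= 1
    got_rand, got_resp = terminal_recover(regenerated, helper)
    return got_rand == rand_bits and got_resp == response

print(demo([3, 10, 20]), demo([0, 1]))
```

Two flips inside one 7-bit block exceed what Hamming(7,4) can correct, and recovery then returns a wrong response with no error signal. The code used in practice has to be sized to the chip's actual bit-error rate.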
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910231042.9A CN111756541A (en) | 2019-03-26 | 2019-03-26 | Method, server, terminal and system for transmitting secret key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111756541A true CN111756541A (en) | 2020-10-09 |
Family
ID=72672042
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910231042.9A Pending CN111756541A (en) | 2019-03-26 | 2019-03-26 | Method, server, terminal and system for transmitting secret key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111756541A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112737770A (en) * | 2020-12-22 | 2021-04-30 | 北京航空航天大学 | PUF-based network bidirectional authentication and key agreement method and device |
TWI804439B (en) * | 2021-12-21 | 2023-06-01 | 慧榮科技股份有限公司 | Apparatus and method for detecting errors during data encryption |
-
2019
- 2019-03-26 CN CN201910231042.9A patent/CN111756541A/en active Pending
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090183248A1 (en) * | 2004-10-04 | 2009-07-16 | Koninklijke Philips Electronics, N.V. | Two-way error correction for physical tokens |
US20090217045A1 (en) * | 2005-11-29 | 2009-08-27 | Koninklijke Philps Electronics, N.V. | Physical secret sharing and proofs of vicinity using pufs |
US20120204023A1 (en) * | 2009-10-21 | 2012-08-09 | Christiaan Kuipers | Distribution system and method for distributing digital information |
WO2014192077A1 (en) * | 2013-05-28 | 2014-12-04 | 三菱電機株式会社 | Authentication processing device and authentication processing method |
US8918647B1 (en) * | 2013-11-10 | 2014-12-23 | Sypris Electronics, Llc | Authentication system |
CN107004380A (en) * | 2014-10-13 | 2017-08-01 | 本质Id有限责任公司 | Include the encryption device of the unclonable function of physics |
US20170310489A1 (en) * | 2014-10-13 | 2017-10-26 | Intrinsic Id B.V. | Cryptographic device comprising a physical unclonable function |
US20160156476A1 (en) * | 2014-11-28 | 2016-06-02 | Yong Ki Lee | Physically Unclonable Function Circuits and Methods of Performing Key Enrollment in Physically Unclonable Function Circuits |
US9703989B1 (en) * | 2014-12-23 | 2017-07-11 | Altera Corporation | Secure physically unclonable function (PUF) error correction |
CN107924645A (en) * | 2015-08-06 | 2018-04-17 | 本质Id有限责任公司 | There is the unclonable encryption device of physics |
CN107493171A (en) * | 2016-06-13 | 2017-12-19 | 上海复旦微电子集团股份有限公司 | Wireless radios, certificate server and authentication method |
CN109428712A (en) * | 2017-08-24 | 2019-03-05 | 上海复旦微电子集团股份有限公司 | Data Encrypt and Decrypt method and data Encrypt and Decrypt system |
Non-Patent Citations (2)
Title |
---|
Wu Jin: "Design of a PUF-based root of trust and trusted computing platform architecture", Application of Electronic Technique (《电子技术应用》), 6 September 2018 (2018-09-06), pages 1 - 2 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20201009 |