[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

TWI644554B - Probabilistic multiple software encryption communication system and method - Google Patents

Probabilistic multiple software encryption communication system and method Download PDF

Info

Publication number
TWI644554B
TWI644554B TW106118799A TW106118799A TWI644554B TW I644554 B TWI644554 B TW I644554B TW 106118799 A TW106118799 A TW 106118799A TW 106118799 A TW106118799 A TW 106118799A TW I644554 B TWI644554 B TW I644554B
Authority
TW
Taiwan
Prior art keywords
software
key
encrypted communication
softwares
keys
Prior art date
Application number
TW106118799A
Other languages
Chinese (zh)
Other versions
TW201904230A (en
Inventor
王紹睿
江彬榮
詹景傑
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW106118799A priority Critical patent/TWI644554B/en
Application granted granted Critical
Publication of TWI644554B publication Critical patent/TWI644554B/en
Publication of TW201904230A publication Critical patent/TW201904230A/en

Links

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

本發明提供一種可容忍攻擊並快速修復原加密系統的機率式多重軟體加密通訊系統及方法,其可靠性及安全性基於隨機圖(Random Graph)的數學理論,本發明系統因發現被攻擊或者軟體金鑰外洩,然後要註銷某個軟體的使用金鑰的話,則將該金鑰被註銷的訊息傳送到每個軟體要求註銷此金鑰,此時所有使用到該金鑰或合法通訊路徑上有使到該金鑰的軟體都將不行再用該金鑰,合法通訊路徑也將失效。若要更改某個金鑰的內容,則重複前面的註銷動作,並傳送新金鑰給所有使用到該金鑰的軟體,原該金鑰的合法加密通訊路徑則不受變更,唯替換舊金鑰為新金鑰。 The invention provides a probability multi-software encryption communication system and method capable of tolerating attacks and quickly repairing an original encryption system. The reliability and security thereof are based on a mathematical theory of a random graph, and the system of the present invention is attacked or software-based. If the key is leaked and then the license key of a software is to be logged out, the message that the key is logged off is sent to each software to request the logout. At this time, all the keys or legal communication paths are used. If the software that makes the key will not use the key again, the legal communication path will also be invalid. To change the content of a key, repeat the previous logout action and transfer the new key to all software that uses the key. The legal encrypted communication path of the key is not changed, only the old gold is replaced. The key is the new key.

Description

機率式多重軟體加密通訊系統及方法 Probabilistic multiple software encryption communication system and method

本發明係為一種機率式多重軟體加密通訊系統及方法,其中係利用隨機圖(Random Graph)的數學理論,建立一隨機加密通訊之系統及方法。 The invention relates to a probability multi-software encryption communication system and method, wherein a system and method for randomly encrypting communication are established by using a mathematical theory of a random graph.

現有的軟體加密通訊系統常遇到之嚴重惡意攻擊,例如系統內部使用者出現間諜串連外部攻擊者竊取機密資料,又或者軟體系統授權金鑰發生外洩,這時候往往無法快速因應及修復原軟體加密通訊系統,甚至控制受影響的系統範圍。 The existing software encryption communication system often encounters serious malicious attacks. For example, the internal users of the system have spy serialized external attackers to steal confidential information, or the software system authorization key is leaked. At this time, it is often impossible to quickly respond to and repair the original. Software-encrypted communication systems that even control the range of systems affected.

因此如何能夠以最簡單及最迅速之方式解決上述之問題,為各方研究探討之課題。 Therefore, how to solve the above problems in the simplest and most rapid way is the subject of research and discussion.

有鑑於上述習知技藝之問題,本發明提供一種可容忍攻擊並快速修復原加密系統的機率式多重軟體加密通訊系統及方法,其可靠性及安全性基於隨機圖(Random Graph)的數學理論。 In view of the above-mentioned problems of the prior art, the present invention provides a probability multi-software encryption communication system and method that can tolerate attacks and quickly repair the original encryption system, and the reliability and security thereof are based on the mathematical theory of Random Graph.

本發明提供之攻擊容忍的機率式多重軟體加密通訊系 統,包含一金鑰產生及管理中心,其建立一個候選金鑰池,並且針對各軟體,從候選金鑰池隨機選取一群金鑰,寫入到該軟體內,其中金鑰可為對稱式金鑰,或者非對稱式金鑰;以及多個軟體,其接受金鑰產生及管理中心寫入金鑰,並且任兩個軟體之間可能為成對軟體,或者可能存在一合法加密通訊路徑連接這兩個軟體,當兩個軟體要進行加密通訊時,透過成對軟體或合法加密通訊路徑來進行加密通訊。 Attack-tolerant probability multi-software encryption communication system provided by the present invention The system includes a key generation and management center, which establishes a pool of candidate keys, and for each software, a group of keys are randomly selected from the candidate key pool and written into the software, wherein the key can be symmetric gold Key, or asymmetric key; and multiple software, which accept key generation and management center write key, and may be paired software between any two software, or there may be a legal encrypted communication path connection Two softwares, when two softwares are to communicate encryptedly, encrypt communication through paired software or legally encrypted communication paths.

其中成對軟體及與其相關的合法加密通訊路徑的定義內容如下所述:若目前系統採用的金鑰系統為對稱式金鑰,成對軟體為兩個軟體之間有一組金鑰是相同的(此金鑰即為成對金鑰);若目前系統採用的金鑰系統為非對稱式金鑰,成對軟體為兩個軟體之間有一組金鑰是成對的公鑰及私鑰,也就是當軟體用其中一金鑰對任一內容進行加密,其結果可被另一金鑰解密,並且解密結果與原內容相同(此組公、私金鑰對即為成對金鑰);此外,若有多組如前述的成對軟體,並且其各組之間具有共同的軟體成員,由此相接而成的一條路徑,此為合法加密通訊路徑。 The definition of the paired software and its legal encrypted communication path is as follows: If the key system used in the current system is a symmetric key, the paired software has the same set of keys between the two softwares ( This key is the pairwise key); if the key system used in the current system is an asymmetric key, the paired software has a set of keys between the two softwares, which are paired public and private keys. That is, when the software encrypts any content with one of the keys, the result can be decrypted by another key, and the decrypted result is the same as the original content (this group of public and private key pairs is the paired key); If there are multiple sets of software as described above, and each group has a common software member, thereby connecting one path, this is a legal encrypted communication path.

本發明提供之攻擊容忍的機率式多重軟體加密通訊方法並快速修復原加密系統的機率式多重軟體加密通訊方法如下:首先在初始化階段本系統會建立一個很大的候選金鑰池,每個使用此系統的軟體在正式散佈出去以前,系統會先從該候選金鑰池隨機選取一群金鑰,寫入到此軟體內。兩個軟體要進入加密通訊階段之前,會先檢查彼此事先被寫入的金鑰群,若恰好有一組金鑰是成對的:相同的對稱式金鑰,或者相對的非對稱式公私金鑰對,則使用該組金鑰進行加密通訊;若查無 彼此任何一組金鑰是成對的,則通知其他軟體,找尋是否可能出現一個合法的加密通訊路徑:是否有多組軟體彼此兩兩滿足成對金鑰,彼此串連後所組成的路徑中有包含前述的兩個軟體,若有存在此合法加密通訊路徑,則前述的兩個軟體之後的加密通訊為:從兩個軟體中任挑一個,並從其金鑰群中任選一個金鑰透過此路徑傳送給對方,或者,利用路徑中每個軟體成對公私金鑰並使用重加密方法傳送資料。此外,當此系統因發現被攻擊或者軟體金鑰外洩,然後要註銷某個軟體的使用金鑰的話,則將該金鑰被註銷的訊息傳送到每個軟體要求註銷此金鑰,此時所有使用到該金鑰或合法通訊路徑上有使到該金鑰的軟體都將不行再用該金鑰,合法通訊路徑也將失效。若要更改某個金鑰的內容,則重複前面的註銷動作,並傳送新金鑰給所有使用到該金鑰的軟體,原該金鑰的合法加密通訊路徑則不受變更,唯替換舊金鑰為新金鑰。 The invention provides an attack-tolerant probability multi-software encryption communication method and quickly repairs the probabilistic multi-software encryption communication method of the original encryption system as follows: First, in the initialization phase, the system will establish a large candidate key pool, each using Before the software of this system is officially distributed, the system will randomly select a group of keys from the candidate key pool and write to the software. Before the two softwares enter the encrypted communication phase, they will first check the key group that was written in advance. If there is exactly one set of keys, they are paired: the same symmetric key, or a relative asymmetric public and private key. Yes, use the group key to encrypt communication; if not If any set of keys is paired with each other, notify other software to find out whether a legal encrypted communication path may occur: whether there are multiple sets of software that satisfy the pairwise keys, and the paths formed by the series are connected in series. There are two softwares mentioned above. If there is such a legal encrypted communication path, the encrypted communication after the foregoing two softwares is: pick one from the two softwares, and select one key from the key group. Transfer to the other party through this path, or use the paired public and private keys of each software in the path and use the re-encryption method to transfer data. In addition, when the system is discovered by the attack or the software key is leaked, and then the license key of a software is to be logged out, the message that the key is logged off is transmitted to each software to request to cancel the key. All software used on the key or legal communication path will cause the software to the key to be used again, and the legal communication path will also be invalid. To change the content of a key, repeat the previous logout action and transfer the new key to all software that uses the key. The legal encrypted communication path of the key is not changed, only the old gold is replaced. The key is the new key.

本發明提供之攻擊容忍的機率式多重軟體加密通訊系統之通訊的可靠性,依照隨機圖(Random Graph)的數學理論,當使用前述方法建置的系統網路內的軟體數目超過10000個,任何兩點之間能夠互通的機率超過0.99999,本發明之攻擊容忍的機率式多重軟體加密通訊系統之的安全性,,就算某個軟體金鑰外洩或被間諜所掌握,也只能影響到有限的網路通訊,換而言之,本發明之攻擊容忍的機率式多重軟體加密通訊系統與方法,係使用一種動態式隨機網路的通訊路徑,每個點跟每個點的通訊路徑都不一樣,並且隨著新增減少節點。或者其上的金鑰,就會改變原本的通訊路徑,因此讓攻擊者無法預測知道兩點(兩軟體)之間的通訊路徑為何。 The reliability of the communication of the attack-tolerant probability multi-software encryption communication system provided by the present invention is in accordance with the mathematical theory of random graph, when the number of softwares in the system network constructed by using the foregoing method exceeds 10,000, any The probability of interoperability between the two points exceeds 0.99999. The security of the attack-tolerant probability multi-software encryption communication system of the present invention can only affect a certain software key even if it is leaked or controlled by a spy. Network communication, in other words, the attack-tolerant probability multi-software encryption communication system and method of the present invention uses a dynamic random network communication path, and the communication path of each point and each point is not The same, and with the addition of new nodes. Or the key on it will change the original communication path, so the attacker can not predict the communication path between the two points (two software).

100‧‧‧金鑰產生及管理中心 100‧‧‧Key Generation and Management Center

200‧‧‧軟體 200‧‧‧Software

110‧‧‧候選金鑰池 110‧‧‧Candidate Key Pool

300‧‧‧合法加密通訊路徑 300‧‧‧ legal encrypted communication path

S201~S209‧‧‧步驟流程 S201~S209‧‧‧Step procedure

圖1係為本發明之攻擊容忍的機率式多重軟體加密通訊系統之架構圖。 1 is a block diagram of an attack-tolerant probability multi-software encryption communication system of the present invention.

圖2係為本發明之攻擊容忍的機率式多重軟體加密通訊方法之流程圖。 2 is a flow chart of the attack-tolerant probability multi-software encryption communication method of the present invention.

為利 貴審查委員了解本創作之技術特徵、內容與優點及其所能達到之功效,茲將本創作配合附圖,並以實施例之表達形式詳細說明如下,而其中所使用之圖式,其主旨僅為示意及輔助說明書之用,未必為本創作實施後之真實比例與精準配置,故不應就所附之圖式的比例與配置關係解讀、侷限本創作於實際實施上的權利範圍,合先敘明。 In order to understand the technical characteristics, content and advantages of the creation and the effects that can be achieved, the authors will use the creation of the drawings in detail with reference to the drawings, and the drawings used therein, The subject matter is only for the purpose of illustration and supplementary instructions. It is not necessarily the true proportion and precise configuration after the implementation of the original creation. Therefore, the proportions and configuration relationships of the attached drawings should not be interpreted or limited in the actual implementation scope. First described.

請參閱圖1,為本發明之攻擊容忍的機率式多重軟體加密通訊系統之架構圖,其中包含一金鑰產生及管理中心100,在金鑰產生及管理中心100內建立一個候選金鑰池110,並且針對各軟體200,從候選金鑰池110隨機選取一群金鑰,寫入到軟體200內,其中金鑰可為對稱式金鑰,或者非對稱式金鑰。 Please refer to FIG. 1 , which is a structural diagram of an attack-tolerant probability multi-software encryption communication system of the present invention, which includes a key generation and management center 100, and establishes a candidate key pool 110 in the key generation and management center 100. And for each software 200, a group of keys are randomly selected from the candidate key pool 110 and written into the software 200, wherein the key may be a symmetric key or an asymmetric key.

其中成對軟體及與其相關的合法加密通訊路徑300之定義內在於,若金鑰為對稱式金鑰,成對軟體為任兩個軟體200之間有一組金鑰是相同的;若目金鑰為非對稱式金鑰,成對軟體為任兩個軟體200之間有一組金鑰是成對的公鑰及私鑰,也就是當軟體200用其中一金鑰對任 一內容進行加密,其結果可被另一金鑰解密,並且解密結果與原內容相同(此組公、私金鑰對即為成對金鑰),最後,當多組如前述的成對軟體,並且其各組成對軟體之間相接而成的一條路徑,此為即合法加密通訊路徑300。 The definition of the paired software and the legal encrypted communication path 300 associated therewith is that if the key is a symmetric key, the paired software has the same set of keys between any two softwares 200; For an asymmetric key, the paired software is a pair of two keys. A set of keys is a pair of public and private keys, that is, when the software 200 uses one of the keys. A content is encrypted, the result can be decrypted by another key, and the decryption result is the same as the original content (this group of public and private key pairs is a pair of keys), and finally, when multiple groups of software such as the aforementioned paired software And a path formed by the respective components connecting the softwares, that is, the legal encrypted communication path 300.

請參閱圖2,為本發明之攻擊容忍的機率式多重軟體加密通訊方法之流程圖,其步驟如下:S201:金鑰產生及管理中心產生一候選金鑰池;S202:金鑰產生及管理中心在軟體的初始化階段從候選金鑰池隨機選取一群金鑰,然後寫入這些金鑰到該軟體內;S203:任兩個軟體要進入加密通訊階段之前,先檢查彼此是否為成對軟體;S204:若是,則使用彼此的成對金鑰進行加密通訊;S205:若否(這兩個軟體不為成對軟體),則檢查彼此之間是否存在一合法加密通訊路徑;S206:若是,則使用該合法加密通訊路徑進行加密通訊;S207:若否,表示兩軟體除了不為成對軟體,也不存在一合法加密通訊路徑,則要求金鑰產生及管理中心進行隨機局部新增金鑰作業;S208:然後再次檢查這兩個軟體是否存在一合法加密通訊路徑;S209:若是,則結束檢查,並使用該合法加密通訊路徑進行加密通訊,若仍否,則再次要求金鑰產生及管理中心進行隨機局部新增金鑰作業(步驟S207),並反覆進行此作業,直至通過檢查,可使用一合法加密通訊路徑進行加密通訊為止。 2 is a flowchart of an attack-tolerant probability multi-software encryption communication method according to the present invention. The steps are as follows: S201: a key generation and management center generates a candidate key pool; S202: a key generation and management center Randomly selecting a group of keys from the candidate key pool in the initialization phase of the software, and then writing the keys to the software; S203: Before any two softwares enter the encrypted communication phase, first check whether each pair is a paired software; S204 : If yes, use each pair of keys to encrypt communication; S205: If no (the two softwares are not paired software), check whether there is a legal encrypted communication path between each other; S206: If yes, use The legal encrypted communication path performs encrypted communication; S207: If not, it indicates that the two softwares do not have a legal encrypted communication path except for the paired software, and the key generation and management center is required to perform a random local new key operation; S208: Then check whether the two softwares have a legal encrypted communication path again; S209: If yes, end the check and use the legal encrypted communication The path is encrypted communication. If not, the key generation and management center is again required to perform a random local addition key operation (step S207), and the operation is repeated until the check is performed, and a legal encrypted communication path can be used for encryption. Until now.

其中,前述的兩個軟體檢查彼此是否為成對軟體的方法 如下:若目前使用的金鑰系統為對稱式金鑰,檢查兩個軟體是否為成對軟體的方法為檢查兩個軟體之間是否存在一組金鑰是彼此相同的,若是,則表示這個兩軟體為成對軟體,若否,則表示不為成對軟體;若目前使用的金鑰系統為非對稱式金鑰,檢查兩個軟體是否為成對軟體的方法為檢查當一軟體用其一金鑰對一內容進行加密後,此加密結果是否可被另一軟體其中的一金鑰解密,並且解密結果與原內容是相同的。 Wherein, the foregoing two softwares check whether each other is a pair of software As follows: If the currently used key system is a symmetric key, the method of checking whether two softwares are paired software is to check whether a set of keys exists between two softwares, and if so, the two are The software is a pair of software. If it is not, it means that it is not a pair of software. If the currently used key system is an asymmetric key, the method of checking whether two softwares are paired software is to check when a software uses one. After the key encrypts a content, whether the result of the encryption can be decrypted by one of the keys of the other software, and the decrypted result is the same as the original content.

其中,前述的兩個軟體檢查彼此是否存在一合法加密通訊路徑的步驟如下:兩個軟體分別透過網路向其他軟體發出檢查彼此是否為成對軟體的請求,若有軟體接受,並使用前述驗證成對軟體的方法,然後將驗證結果回覆給原本發出請求的軟體;原本發出請求的軟體向所有驗證結果為通過的軟體請求對方再向網路上其他軟體發出檢查成對軟體的請求;若有軟體接受,並使用前述驗證成對軟體的方法,然後將驗證結果回覆給原本發出請求的兩個軟體,然後原本發出請求的兩個軟體再向所有驗證結果為通過的軟體請求對方再向網路上其他軟體發出檢查成對軟體的請求;重覆以上流程,直至驗證成對軟體通過的軟體串列連接至當初的另一個軟體為止。 The foregoing two softwares check whether there is a legal encrypted communication path with each other as follows: the two softwares respectively send a request to the other software to check whether each other is a paired software through the network, and if the software accepts, use the foregoing verification to The software method, and then the verification result is replied to the software that originally issued the request; the software that originally issued the request sends a request to the other software on the network to check the paired software to all the software that passes the verification result; if there is software acceptance And using the foregoing method for verifying the paired software, and then replying the verification result to the two softwares that originally issued the request, and then the two softwares that originally issued the request request the other party to the software that passes the verification result to the other software on the network. Issue a request to check the paired software; repeat the above process until the software serial that passes the paired software is connected to the other software.

前述的金鑰產生及管理中心進行隨機局部新增金鑰作業,其步驟包含以下:金鑰產生及管理中心隨機挑選一部分的軟體; 金鑰產生及管理中心針對這些軟體從候選金鑰池隨機選取一群金鑰,最後寫入金鑰到該軟體內。 The foregoing key generation and management center performs a random local addition key operation, and the steps include the following: the key generation and the management center randomly select a part of the software; The key generation and management center randomly selects a group of keys from the candidate key pool for these softwares, and finally writes the key to the software.

其中,前述的金鑰產生及管理中心進行隨機局部新增金鑰作業,其步驟亦可替代為:金鑰產生及管理中心直接針對目前正在處理的兩個軟體從候選金鑰池隨機挑選一成對金鑰,然後分別寫入到這兩個軟體中。 The foregoing key generation and management center performs a random local addition key operation, and the steps may be replaced by: the key generation and management center randomly selects one from the candidate key pool directly for the two softwares currently being processed. The key is then written to the two softwares separately.

其中,前述的兩個軟體使用彼此的成對金鑰進行加密通訊的方法如下:若目前使用的金鑰系統為對稱式金鑰,據前述兩個軟體之間將存在一組相同的對稱式金鑰,故此兩個軟體使用該相同的金鑰來對訊息進行加密及解密來完成此加密通訊;若目前使用的金鑰系統為非對稱式金鑰,據前述兩個軟體之間將存在一組金鑰是成對的公鑰及私鑰,故此兩個軟體之一使用其金鑰對訊息進行加密,其結果可被另一軟體的金鑰解密,由此來完成此加密通訊。 The foregoing two softwares use the pairwise keys of each other to perform encrypted communication as follows: if the currently used key system is a symmetric key, according to the above two software bodies, there will be a set of the same symmetric gold. Key, so the two softwares use the same key to encrypt and decrypt the message to complete the encrypted communication; if the currently used key system is an asymmetric key, there will be a set between the two softwares. The key is a pair of public and private keys. Therefore, one of the two softwares uses its key to encrypt the message, and the result can be decrypted by the key of another software, thereby completing the encrypted communication.

兩個軟體使用合法加密通訊路徑進行加密通訊的方法如下:要發送訊息的軟體先在其軟體上任選一非屬於任何成對金鑰的金鑰,使用此金鑰對訊息進行加密;將此加密後訊息依照前述加密通訊方法傳給合法加密通訊路徑上和此軟體成對的軟體;該成對軟體再重複方法傳送前述加密訊息給其在合法加密通訊路徑上的成對軟體; 接著重複以上步驟直到訊息傳送給加密通訊路徑的另一端,亦即原兩個軟體中的另一軟體為止。 The two softwares use the legal encrypted communication path for encrypted communication as follows: the software to send the message first selects a key on the software that does not belong to any pair of keys, and uses the key to encrypt the message; The encrypted message is transmitted to the software paired with the software in the legal encrypted communication path according to the foregoing encrypted communication method; the paired software repeats the method to transmit the encrypted message to the paired software on the legal encrypted communication path; Then repeat the above steps until the message is sent to the other end of the encrypted communication path, that is, another software in the original two software.

除此之外,本發明提供註銷一軟體其中一金鑰的方法步驟如下:金鑰產生及管理中心針對要註銷的此軟體此一金鑰,將該金鑰被註銷的訊息傳送給每個軟體:以及要求註銷此金鑰,其中所有因該金鑰才形成成對軟體關係的軟體將不再是成對軟體,以及所有使用到該金鑰才形成的合法通訊路徑也將失效。 In addition, the present invention provides a method for canceling one of the keys of a software as follows: the key generation and management center transmits the message of the key to the software for the software to be logged off. : and require the cancellation of this key, in which all software that forms a pairwise software relationship due to the key will no longer be a paired software, and all legitimate communication paths formed using the key will also be invalid.

除此之外,本發明更改一軟體其中一金鑰內容的方法步驟如下:金鑰產生及管理中心針對要更改內容的此軟體此一金鑰,重複前述註銷一軟體其中一金鑰的方法步驟,將此金鑰做註銷;傳送新金鑰給所有使用到該金鑰的軟體,其中所有因該金鑰才形成成對軟體關係的軟體,以及所有使用到該金鑰才形成的合法通訊路徑皆不變更,唯替換舊金鑰為新金鑰。 In addition, the method for modifying a key content of a software in the present invention is as follows: the key generation and management center repeats the foregoing method step of canceling one of the keys of the software for the software to change the content. , the key is logged off; the new key is transmitted to all software that uses the key, and all software that forms a pairwise software relationship due to the key, and all legal communication paths formed using the key No change, only replace the old key as a new key.

綜上所述,本創作不僅於技術思想上確屬創新,並具備習用之傳統方法所不及之上述多項功效,已充分符合新穎性及進步性之法定發明專利要件,爰依法提出申請,懇請 貴局核准本件發明專利申請案,以勵發明,至感德便。 In summary, this creation is not only innovative in terms of technical thinking, but also has many of the above-mentioned functions that are not in the traditional methods of the past. It has fully complied with the statutory invention patent requirements of novelty and progressiveness, and applied for it according to law. The bureau approved the application for the invention patent, in order to invent the invention, to the sense of virtue.

Claims (8)

一種機率式多重軟體加密通訊系統,包含:一金鑰產生及管理中心,其中該金鑰產生及管理中心係設有一金鑰池,該金鑰池中包含複數個金鑰,其中該金鑰產生及管理中心係於該金鑰池內隨機選取一群金鑰,並將該群金鑰寫入複數個軟體的各一軟體內,其中,當訊息傳送前,起始之一軟體係檢查任一另一軟體是否具有對應之金鑰,若有,起始之該軟體則進行訊息傳送,若無,起始該軟體判斷起始該軟體以及任一另該軟體之間是否具有一合法加密通訊路徑,若有,起始該軟體則使用該合法加密通訊路徑進行加密通訊,若無,起始該軟體則要求該金鑰產生及管理中心進行隨機局部新增金鑰作業,並判斷起始該軟體以及任一另該軟體之間是否具有該合法加密通訊路徑,若是,起始該軟體則使用該合法加密通訊路徑進行加密通訊,若無,起始該軟體則要求該金鑰產生及管理中心進行隨機局部新增金鑰作業,重複前步驟,當起始之該軟體進行訊息傳送至目標之一軟體後停止。 A probability multi-software encryption communication system, comprising: a key generation and management center, wherein the key generation and management center is provided with a key pool, the key pool includes a plurality of keys, wherein the key generation And the management center randomly selects a group of keys in the key pool, and writes the group key into each software of the plurality of softwares, wherein, before the message is transmitted, one of the soft systems starts to check any other one. Whether the software has a corresponding key, if yes, the software starts to transmit the message, if not, the software starts to determine whether there is a legal encrypted communication path between the starting software and any other software. If yes, the software is started to use the legal encrypted communication path for encrypted communication. If not, the software is started to request the key generation and management center to perform a random local addition key operation, and the software is started and judged. Whether the software has the legal encrypted communication path between any other software, if yes, the software is started to use the legal encrypted communication path for encrypted communication, if not, the software is required to start the software. And a key management center generates the new local random key operations, repeat the previous step, when the starting of the software to the target after one messaging software stopped. 如申請專利範圍第1項所述之機率式多重軟體加密通訊系統,其中該金鑰包含對稱式金鑰與非對稱式金鑰。 The probability multi-software encryption communication system according to claim 1, wherein the key comprises a symmetric key and an asymmetric key. 如申請專利範圍第2項所述之機率式多重軟體加密通訊系統,其中當該金鑰為對稱式金鑰時,任一該軟體之中與另一任一該軟體之中具有一組 相同金鑰時,則任一該軟體與另一任一該軟體係為成對軟體。 The probability multi-software encryption communication system described in claim 2, wherein when the key is a symmetric key, one of the software and the other one of the softwares In the case of the same key, any of the software is paired with any other soft system. 如申請專利範圍第2項所述之機率式多重軟體加密通訊系統,其中當該金鑰為非對稱式金鑰時,任一該軟體之中具有一公鑰,而另一任一該軟體之中具有對應該公鑰之一私鑰時,則任一該軟體與另一任一該軟體係為成對軟體。 For example, the probability multi-software encryption communication system described in claim 2, wherein when the key is an asymmetric key, any one of the softwares has a public key, and the other one of the softwares When there is a private key corresponding to one of the public keys, then any of the software and the other soft system are paired software. 一種機率式多重軟體加密通訊方法,其步驟包含:一該金鑰產生及管理中心產生一金鑰池,該金鑰池中包含複數個金鑰;該金鑰產生及管理中心係於該金鑰池內隨機選取一群金鑰,並將該群金鑰寫入複數個軟體的各一軟體內;當訊息傳送前,起始之一軟體係檢查任一另一軟體是否具有對應之金鑰,若有則進行訊息傳送,若無,判斷起始該軟體以及任一另該軟體之間是否具有一合法加密通訊路徑,若有,則使用該合法加密通訊路徑進行加密通訊,若無,則要求該金鑰產生及管理中心進行隨機局部新增金鑰作業,並判斷起始該軟體以及任一另該軟體之間是否具有該合法加密通訊路徑,若是,則使用該合法加密通訊路徑進行加密通訊,若無,則要求該金鑰產生及管理中心進行隨機局部新增金鑰作業;以及重複前步驟,當進行訊息傳送至目標之一軟體後停止。 A probability multi-software encryption communication method, the method comprising: a key generation and management center generating a key pool, the key pool comprising a plurality of keys; the key generation and management center is attached to the key A group of keys are randomly selected in the pool, and the group key is written into each software of the plurality of software; before the message is transmitted, the first soft system checks whether any other software has a corresponding key, if If yes, determine whether there is a legal encrypted communication path between the starting software and any other software, and if so, use the legal encrypted communication path for encrypted communication. If not, the request is required. The key generation and management center performs a random local addition key operation, and determines whether the software and the other software have the legal encrypted communication path between the software, and if so, uses the legal encrypted communication path for encrypted communication. If not, the key generation and management center is required to perform a random local addition key operation; and the previous steps are repeated, and the message is transmitted to the target software and then stopped. . 如申請專利範圍第5項所述之機率式多重軟體加密通訊方法,其中該金鑰包含對稱式金鑰與非對稱式金鑰。 The method of claim 2, wherein the key comprises a symmetric key and an asymmetric key. 如申請專利範圍第6項所述之機率式多重軟體加密通訊方法,其中當該 金鑰為對稱式金鑰時,任一該軟體之中與另一任一該軟體之中具有一組相同金鑰時,則任一該軟體與另一任一該軟體係為成對軟體。 The method of claim multi-software encryption communication according to claim 6 of the patent application scope, wherein When the key is a symmetric key, if any one of the softwares has the same set of keys as the other software, then any one of the softwares is paired with the other soft system. 如申請專利範圍第6項所述之機率式多重軟體加密通訊方法,其中當該金鑰為非對稱式金鑰時,任一該軟體之中具有一公鑰,而另一任一該軟體之中具有對應該公鑰之一私鑰時,則任一該軟體與另一任一該軟體係為成對軟體。 The method of claim 2, wherein the key is an asymmetric key, and any one of the softwares has a public key, and the other one of the softwares is included in the software. When there is a private key corresponding to one of the public keys, then any of the software and the other soft system are paired software.
TW106118799A 2017-06-07 2017-06-07 Probabilistic multiple software encryption communication system and method TWI644554B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106118799A TWI644554B (en) 2017-06-07 2017-06-07 Probabilistic multiple software encryption communication system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW106118799A TWI644554B (en) 2017-06-07 2017-06-07 Probabilistic multiple software encryption communication system and method

Publications (2)

Publication Number Publication Date
TWI644554B true TWI644554B (en) 2018-12-11
TW201904230A TW201904230A (en) 2019-01-16

Family

ID=65432089

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106118799A TWI644554B (en) 2017-06-07 2017-06-07 Probabilistic multiple software encryption communication system and method

Country Status (1)

Country Link
TW (1) TWI644554B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040054907A1 (en) * 2002-07-30 2004-03-18 Alain Chateau Indirect data protection using random key encryption
TW200715796A (en) * 2005-10-07 2007-04-16 Hon Hai Prec Ind Co Ltd Method and system for encrypting software
TW201001227A (en) * 2008-06-27 2010-01-01 Hon Hai Prec Ind Co Ltd System and method for encrypting software
US20140068254A1 (en) * 2012-08-29 2014-03-06 Box, Inc. Upload and download streaming encryption to/from a cloud-based platform
US20170099144A1 (en) * 2015-10-06 2017-04-06 Prem Sobel Embedded encryption platform comprising an algorithmically flexible multiple parameter encryption system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040054907A1 (en) * 2002-07-30 2004-03-18 Alain Chateau Indirect data protection using random key encryption
TW200715796A (en) * 2005-10-07 2007-04-16 Hon Hai Prec Ind Co Ltd Method and system for encrypting software
TW201001227A (en) * 2008-06-27 2010-01-01 Hon Hai Prec Ind Co Ltd System and method for encrypting software
US20140068254A1 (en) * 2012-08-29 2014-03-06 Box, Inc. Upload and download streaming encryption to/from a cloud-based platform
US20170099144A1 (en) * 2015-10-06 2017-04-06 Prem Sobel Embedded encryption platform comprising an algorithmically flexible multiple parameter encryption system

Also Published As

Publication number Publication date
TW201904230A (en) 2019-01-16

Similar Documents

Publication Publication Date Title
JP6547079B1 (en) Registration / authorization method, device and system
CN110603783B (en) Secure dynamic threshold signature scheme using trusted hardware
US9875368B1 (en) Remote authorization of usage of protected data in trusted execution environments
TWI479870B (en) Apparatus and method for authentication between devices based on puf over machine-to-machine communications
CN102138300B (en) Message authentication code pre-computation with applications to secure memory
JP2020528224A (en) Secure execution of smart contract operations in a reliable execution environment
CN110914851A (en) Improving integrity of communications between blockchain networks and external data sources
KR102397579B1 (en) Method and apparatus for white-box cryptography for protecting against side channel analysis
CN101588245A (en) A kind of method of authentication, system and memory device
JP2008507203A (en) Method for transmitting a direct proof private key in a signed group to a device using a distribution CD
CN103500202A (en) Security protection method and system for light-weight database
NL2033981B1 (en) Method for encrypting and decrypting data across domains based on privacy computing
JP2022013809A (en) Pqa lock release
CN105071941A (en) Method and device for identity authentication of nodes of distributed system
Black et al. Be careful who you trust: Issues with the Public Key Infrastructure
CN114553557B (en) Key calling method, device, computer equipment and storage medium
Checkoway et al. Where did i leave my keys? Lessons from the juniper dual ec incident
TWI644554B (en) Probabilistic multiple software encryption communication system and method
KR102539418B1 (en) Apparatus and method for mutual authentication based on physical unclonable function
Balisane et al. Trusted execution environment-based authentication gauge (TEEBAG)
US11159497B2 (en) Secure message passing using semi-trusted intermediaries
Wang et al. BSVMS: novel autonomous trustworthy scheme for video monitoring
Yoo et al. Confidential information protection system for mobile devices
Wittkotter WaC: Trustworthy Encryption and Communication in an IT Ecosystem with Artificial Superintelligence
CN111510918B (en) Communication method, system, device, electronic equipment and readable storage medium