CN1148035C - Apparatus for securing user's information in mobile communication system connected to internet and method thereof - Google Patents
Apparatus for securing user's information in mobile communication system connected to internet and method thereofInfo
- Publication number
- CN1148035C CN1148035C CNB008012245A CN00801224A CN1148035C CN 1148035 C CN1148035 C CN 1148035C CN B008012245 A CNB008012245 A CN B008012245A CN 00801224 A CN00801224 A CN 00801224A CN 1148035 C CN1148035 C CN 1148035C
- Authority
- CN
- China
- Prior art keywords
- travelling carriage
- web server
- service server
- personal information
- public keys
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/04—Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
Abstract
An apparatus for securing the user's secret information transmitted from a mobile station is provided in a mobile communications system in communication with a web server through an Internet service server, wherein the data relating to the user's secret information is selected in response to the data request from the mobile station and/or web server, the selected data is enciphered in a given format, and the enciphered data is directly transmitted to the web server and/or the mobile station without any additional processing operation by the service server.
Description
Technical field
The present invention relates to a kind of be used for the user information confidentiality apparatus and method of the mobile communication system of internet communication.
Background technology
In mobile communication, recent development can make the user pass through the Internet, uses radio communication technology to realize so-called electronic trade.In order to promote electronic trade on the internet, as him or she and interconnected web (network) when server is connected, it provides the content of electronic trade, and most important thing is the leakage that prevents client's personal information.In view of the above, when internet usage, the purpose of safety system is secret user's a personal information, so that unwelcome user can not steal user's personal information, for example visit the password of web server, have credit number of the relevant password of concluding the business or the like.
Be used to protect traditional safety system of secret information generally to adopt secure sockets layer (Secure Socket Layer) (SSL) in wired internet communication, it is to be proposed by the NetscapeCompany of the U.S..The SSL system is with a kind of known only being encoded from client's information by the readable mode of web server.Yet because following discussion, the SSL system is not suitable for wireless or the mobile Internet communication system.
At first, travelling carriage has the memory capacity of a restriction, is not suitable for realizing that web uses in the SSL system.Therefore, traditional travelling carriage is not designed to realize that such web uses.The second, in order to proceed to the wireless connections of the Internet web server, travelling carriage at first must be connected with relevant Internet service server, request web content service.In this case, in order in whole network, suitably to realize and protect personal information, should have and the identical standard of safety system between service server and travelling carriage in the safety system between web server and the service server.Yet traditional safety system can not provide identical standard between them.As illustrational example, Fig. 1 has been provided by a traditional mobile communication network that provides in traditional safety system.As shown, the SSL system is adopted between service server and web server, but the wireless security system with different system is adopted between travelling carriage and service server.Therefore, whole network does not have identical standard between it.In view of the above, the safety system of prior art has different systems and standard, is not suitable for being provided for userspersonal information's privacy device.
As described above, the traditional safety system that is designed to be used for the wired internet communication system is not suitable for being applied to the wireless the Internet communications system, therefore, has hindered and has used developing rapidly of the electronic trade market of mobile communication technology by the Internet.
Summary of the invention
An object of the present invention is, provide a kind of and be used for when using the mobile Internet communication system to realize electronic trade, the apparatus and method that confidential user information is maintained secrecy, wherein the system of prior art uses the SSL system that adopts in wired internet communication.
Another object of the present invention is, a kind of privacy device and method that is used for confidential user information is provided, it uses identical standard, realizes from travelling carriage to the fail safe end to end of web server, to be created in the data flow between travelling carriage, service server and the web server.
For realizing an aspect of above-mentioned purpose of the present invention, the invention provides the secrecy system of the personal information that exchanges during a kind of Secure Transaction in the mobile Internet communication system, comprise travelling carriage, service server and web (network) server, wherein: travelling carriage, the public keys that is used for the storage service server, receive the voucher of web server from service server, decipher voucher by the public keys that uses service server, so that check the version of voucher, be included in the voucher by use, the public keys of web server, produce the session key that is used in the Secure Transaction, and, come according to fail safe encrypt/decrypt personal information by using the session key produced and the public keys of web server; The web server, be used for providing voucher to service server, generation is used for deciphering the safe key in the travelling carriage ciphered data, by key safe in utilization, come decrypt encrypted to arrive the session key of public keys, the session key personal information of encrypting and transmitting in travelling carriage by deciphering is decrypted; And service server, between travelling carriage and web server, be used for receiving voucher, when travelling carriage request safety is connected to the web server from the web server, send voucher to travelling carriage, and provide interface for the enciphered data of transmission/reception between travelling carriage and web server.
For realizing another aspect of above-mentioned purpose of the present invention, the invention provides the secrecy system of the personal information that exchanges during a kind of Secure Transaction in the mobile Internet communication system, comprise: travelling carriage, receive the public keys of web server from service server, by using the public keys of service server, produce the session key that is used in the Secure Transaction, and, come according to fail safe encryption/close personal information by using the session key produced and the public keys of web server; The web server, be used to produce public keys, provide public keys to service server, generation is used for deciphering the safe key in the travelling carriage ciphered data, by key safe in utilization, come decrypt encrypted to arrive the session key of public keys, the session key personal information of encrypting and transmitting in travelling carriage by deciphering is decrypted; And service server, between travelling carriage and web server, be used for receiving public keys from the web server, when travelling carriage request safety is connected to the web server, send public keys to travelling carriage, and provide interface for the enciphered data of transmission/reception between travelling carriage and web server.
For realizing another aspect again of above-mentioned purpose of the present invention, the invention provides a kind of time slot scrambling that is used for the personal information that sends from travelling carriage through a service server with the mobile communication system of a web server communication, comprise step: when travelling carriage request safety is connected to the web server, send voucher to travelling carriage from service server; Reception is used for sending from described travelling carriage or described web server the request of described personal information; Selectively encrypt described personal information with a predetermined form, to send in described travelling carriage or the web server to; With personal information, and need not carry out any interference by described service server by one in described travelling carriage or the described web server described encryption of deciphering.
For realizing another aspect again of above-mentioned purpose of the present invention, the invention provides a kind of be used for have travelling carriage, service server, with personal information privacy's method of the mobile Internet communication system of web server, wherein, described web server is used to produce safe key and public keys, described service server is between web server and travelling carriage, be used for receiving public keys from the web server, described method comprises step: when the Secure Transaction of web server is arrived in the travelling carriage request, send public keys from service server to travelling carriage; By using public keys, produce the session key that is used in the Secure Transaction by travelling carriage, by using session key and the public keys that is produced, come to encrypt personal information, and send the personal information of encrypting to the web server by service server according to fail safe; And, the personal information that receives by service server, encrypt is deciphered encrypted session key, and personal information is decrypted by the session key of deciphering by the web server.
For realizing another aspect again of above-mentioned purpose of the present invention, the invention provides a kind of time slot scrambling that is used for the data that send in the mobile Internet communication system, such communication system has a web server, be used for travelling carriage of described web server exchange data and with an agent service server of described travelling carriage and described web server communication, the method comprising the steps of: connected by described travelling carriage request, to receive electronic data through described service server from described web server; In response to the described request of described travelling carriage, produce a public keys and a privacy key by described web server; Send described public keys to described travelling carriage by described web server, in described travelling carriage, to register; Send a new voucher to described travelling carriage by described service server; Whether the voucher by described travelling carriage decision previous registration in described travelling carriage is the same with the new voucher that receives from described service server; If described new voucher is the same with the voucher of described previous registration, then use a session key that produces by the described public keys that receives from described web server to encrypt personal information by described travelling carriage, with the described public keys of encryption, to produce a symmetric key and to send the symmetric key of the personal information of described encryption and described generation to described web server through described service server; With the described symmetric key that receives from described travelling carriage by the deciphering of described web server, get back to described session key and use the session key and the described privacy key of described conversion with conversion, decipher the personal information of described encryption.
The present invention only passes through the clearer and more definite description of example referring now to accompanying drawing.
Description of drawings
Fig. 1 is a schematic diagram, is used to illustrate the traditional mobile Internet communication system with traditional mobile security system;
Fig. 2 is a schematic diagram that is similar to Fig. 1, illustrates according to a mobile security system of the present invention;
Fig. 3 is a schematic diagram, is used for illustrating in mobile Internet communication sending a common web file and the process of secret data according to safety system of the present invention; With
Fig. 4 is a flow chart, is used to illustrate the processing that makes user information safety according to mobile Internet communication of the present invention.
Embodiment
In the following description, for purpose rather than the restriction of explaining,, specific detail is proposed, for example specific structure, interface, technology or the like for a understanding accurately of the present invention is provided.Yet, be clearly to those the one of ordinary skilled in the art, leave these specific details, the present invention may be realized with additional embodiments.Purpose for simplicity, known devices, circuit in detail and the description of method be omitted so that can not make unnecessary details make description of the invention fuzzy.
For the standard of an assurance is provided, the sender of the message who claims in fact is real sender of the message, and numeral/electronic signature can use various known methods to encrypt.The algorithm of the encryption that is suitable for using according to the present invention is Riverst-Shamier-Adleman (RSA) public key algorithm, and it is the most widely used algorithm in present electronic trade safety system.Decompose based on prime factor, RSA Algorithm not only provides encryption but also provide electronic signature (or encryption key).That is, the principle of RSA Algorithm is based on such fact, that is, the product of two prime numbers of easier calculating " p " and " q ", but extract " p " and " q " is difficult from product " n ", " n " are by the product acquisition of " p " and " q ".That is to say that use two keys, one is public keys, second is privacy key, so that when using secret key encryption, only with the public keys deciphering, vice versa.In an embodiment of the present invention, RSA Algorithm generation public keys and privacy key are used for session key of encrypt/decrypt.Public keys uses encrypted session key by client, sends encrypted session key then and sends back to server.Server is connected with client's safety with foundation with its privacy key decrypted session key.
In addition, in an embodiment of the present invention, be used to produce algorithm use SEED (seed) symmetric key algorithm of session key, the SEED symmetric key algorithm is based on Korea S's data encryption standard and uses 128 block encryption algorithms that are used for the common electronic trade of being developed by Korea S information security mechanism (KISA).The SEED symmetry algorithm optionally has 8,16 and 32 bit data to handle, and deciphers in the mode of block encryption, and I/O phrase (phrase) and input key are 128.It also is designed to guarantee differential cryptoanalysis (DC)/linear cryptoanalysis (LC), comprises the encrypt/decrypt speed faster than three times of data encryption standards (DES).Its structure is based on Feistel and intrinsic function is designed to use the tracing table that is obtained by the conversion nonlinear function.In the present invention, the SEED symmetric key algorithm is used 12 and is taken turns, to produce session key, by the information data of its encrypting user.
According to the present invention, in mobile Internet communication, travelling carriage, Internet service server and web server can be worked as described in following.
At first, mobile phone is provided one and connects the required security procedure of the present invention of web server, to receive the session key that uses when public keys and inside are created in Secure Transaction.Session key is used for the encryption and decryption data.Realize encrypting according to RSA Algorithm and 128 SEED algorithms.The web server uses RSA Algorithm to produce public keys and privacy key, by sending public keys to travelling carriage, can make travelling carriage realize Secure Transaction.The public keys that receives is used to produce session key, and to encrypt the data that sent by travelling carriage, travelling carriage uses the SEED algorithm to produce session key.Then, the web server uses privacy key decrypted session key, is used to encrypt the data that sent by travelling carriage.That is to say that the data of using public-key encryption are only by using privacy key decrypted, vice versa.Therefore, the session key that the web server uses the deciphering of RSA privacy key to use the SEED algorithm to produce, according to the encryption and decryption of 128 symmetric key SEED, the session key of deciphering is used for the data of enabling decryption of encrypted.
According to embodiments of the invention, when the web server produce a pair of it public keys and during privacy key, the data processing between travelling carriage and web server begins.Public keys is sent to service server, the time is corrected and sends to travelling carriage as voucher in request then.To this, travelling carriage has been authorized to use, and by transmitting the data that need, service server is taken on the media between travelling carriage and web server.Then, travelling carriage storage public keys produces a session key with inside and encrypts the confidential data that will send to the web server.In order to produce session key, travelling carriage is encrypted the public keys that receives, to produce the symmetric key that will send to the web server.After this, the web server is deciphered symmetric key with its privacy key.With the symmetric key of deciphering, the ciphered data that the deciphering of web server receives from travelling carriage.In opposite transmission, the web server uses the data that will be sent to travelling carriage from the symmetric key encryption of travelling carriage reception.Next travelling carriage uses the symmetric key that had before sent to the web server to decipher the ciphered data that receives from the web server.In an embodiment of the present invention, service server is used as the acting server setting.
Data format on each path of mobile Internet communication 2 is described in conjunction with the accompanying drawings, and wherein the safety system between travelling carriage, service server and web server is used mobile microampere total system (MMS) of the present invention.That is, between travelling carriage and web server, adopt identical standard MMS.Because when public keys is sent to travelling carriage first, the public keys of web server is by with the privacy key electronic marker of web server, and the path between travelling carriage and mobile communications network can not used the public keys of forgery to distort by the computer hacker.In addition, be form by the travelling carriage encrypted data packets, so that the computer hacker not will appreciate that the content of original document with 128 bit codes.Further, when the computer hacker through the Internet when the mobile network moves to service server, it can not steal packet.Because make in the path between mobile communications network and the service server by the travelling carriage encrypted data packets through the Internet when giving service server with 128 form, this can realize, has therefore prevented that the computer hacker from stealing its content.
In addition, protect the internal network of service server by the fire compartment wall that adopts hacker's detection system of the present invention.Service server is sent to ciphered data simply the web server and does not carry out any processing operation therein from travelling carriage.In addition, adopt usually once its industrial siding that transmits 128 bit encryption data to connect service server and web server, thereby make the hacker be difficult to insert.
Further, because the web server receives the symmetric key that is produced at random according to 128 SEED algorithms by travelling carriage, steal detection system according to computer of the present invention and be implemented.Then, the web server uses the RSA privacy key to decipher these 128 bit encryption data that receive from travelling carriage safely.By this way, the enciphered data of travelling carriage only can only can be deciphered by travelling carriage from the ciphered data of web server by the deciphering of web server.The latter is possible, because the SEED symmetric key of web server also can opposite operation be sent to travelling carriage.
Before being sent out, when between travelling carriage and web server, communicating, before transmission, by each message of session key, deciphered by session key at receiving terminal, wherein the session key that produces from travelling carriage uses public keys encrypted and produce as symmetric key.For this reason, travelling carriage is mounted security procedure, is used for being connected with the safety service server.The effect of security procedure is to receive public keys and next produce session key in inside from the web server to go to encrypt personal information, and sends to the web server from travelling carriage.That is to say that according to rsa encryption and 128 SEED symmetric keys, session key is used for the encryption and decryption secret data.
Fig. 3 illustrates the transmission of a common web file that need not any encryption and according to the transmission of encrypted secret data of the present invention.That is, service server sends a common web file by acting server between travelling carriage and web server, sends personal data and need not any additional processing operation between them.As shown in Figure 3, owing to sending in wireless the Internet communications and handling the data of limiting the quantity of, according to the present invention, two different transfer of data can be operated.Therefore, have only and need individual/secret data that a unwelcome third party maintains secrecy directly be sent between travelling carriage and web server.
According to embodiments of the invention, the privacy procedure of user profile when travelling carriage is attempted to be connected with the web server is described with Fig. 4, wherein at the public keys of step 310 travelling carriage RT register traffic server reception, it is that hard apply (hard-coated) is on the web of travelling carriage browser.Service server is followed the address of its registration of voucher version information public keys, voucher and web server, and they are to revise according to the cycle data ground of being paid by the web server accordingly.In step 312, travelling carriage asks to be connected with the web page or leaf corresponding to user's request, to receive e-file.This request directly sends to the web server by being used to ask e-file can visit individual/secret information order that " obtains (GET) ".At this moment, service server does not align the GET order that is sent to the web server and carries out any additional treatments operation, and here, the web server can be a bank server, a stock trading server or the like.
In step 314, when receiving request from mobile phone, encrypted data are wanted in the web server decision that is requested to connect, and give mobile phone by service server with result notification then.Want encrypted data to comprise individual/secret information, for example a password and a credit number.Other data for example user's registration ID, common character information or the like do not need to encrypt, so that ciphered data quantity can reduce.This is of great use, because communication is compared with wired internet, the communicate by letter quantity of data to be processed of mobile Internet is very limited.In step 316, service server sends periodically voucher version by the present registration of web server correction to travelling carriage.The voucher version provides the updated information of the host name about the web server, IP address and the public keys that can be used to the acknowledge message source.Then, travelling carriage determines that the voucher version and the previous version of registering that whether receive are the same.The version of previous registration is to be downloaded from the identical web server of previous visit by travelling carriage.If they are the same, realize encrypting with the version of its previous registration.
On the other hand, if inequality, travelling carriage requested service server sends the voucher of a redaction.This request is undertaken by " CERT " order, and it is the prearranged agreement that is used to send voucher between travelling carriage and service server.In response to order " CERT ", in step 320, service server sends the voucher of the web server of registration at present.That is, if the request of a travelling carriage to a new voucher version arranged, service server (or acting server) with updated information that (content server) downloaded from the web server periodically sends a response message, comprises header (header) and text.In header, digital SIGN (by the public key signature of the web server of travelling carriage request) invests wherein, and voucher (host name, IP address and public keys) invests body part.
In step 322, travelling carriage receives the response message from service server, is differentiated the text of voucher by the digital SIGN of checking in header.That is, the travelling carriage inspection whether digital SIGN check also corresponding to the public keys of web server whether text is damaged.If digital SIGN obtains confirming that travelling carriage recovers to be comprised in the public keys in the voucher, revises its credentials table wherein.In step 324, use the public keys that is included in the voucher, produce session key, be used for user's information security transmission.As described above, produce session key according to 128 SEED algorithms, it is used to encrypt the personal data that sent by user of mobile station.In step 326, user's information is realized secure data by session key.In step 328, session by public-key encryption to produce symmetric key.
In step 330, be sent to the web server by the symmetric key that uses the public-key encryption session key to obtain and by the data of session key through service server, certainly, service server does not align and sends to the web data in server and carry out any other operation, then, in step 332, web server use privacy key decrypted packet is contained in the symmetric key from the user profile that travelling carriage receives, to produce a session key.In step 334, the web server uses the session key decrypted user information that produces, that is, by the secure data that travelling carriage is encrypted, so that can recover initial data, thereby initial data can be by the web server process.
Simultaneously, in step 320, use hash function to produce a hashed value (that is message digest 5 (MD5)).MD5 is the functional protocol that is used to encrypt, if wherein the result conforms to voucher, thinks then that transfer of data is normally finished and without any the computer hacker of outside.Content to voucher produces 128 hashed values (that is, 128 alphabetical sequences), with the secret key encryption of service server, adds in the voucher then.When travelling carriage received voucher, travelling carriage was got the hashed value of encryption, deciphered it with the public keys of service server.Then, for the verification voucher also is not stolen, travelling carriage produces the voucher hashed value once more and its hashed value with deciphering is compared, if both couplings, voucher is effective.In view of the above, the hashed value of a safety is used for authentication message, guarantees on the way not to be stolen from the data that service server sends, and then, the public keys of verification web server is effective, and execution in step 324.
Though previous description relates to the user profile that sends to the web server from travelling carriage, it also is applicable to the opposite transmission of the user profile that needs fail safe.In this case, travelling carriage can use the information encrypted of public keys and privacy key deciphering from the web server equally.
In addition, be used for the Secure Transaction application program of travelling carriage and web server by such preparation as described below.
At first, be used for being prepared and uploading server to web by the html file of encrypt/decrypt protection user profile.By using the generic attribute that in Internet protocol, defines, distinguish html file and the common html file that needs encrypt/decrypt by internet search engine.This can be that secure indicator " SCURE " realizes by specified class, its encrypted respective field of indicating.
Therefore, the invention provides a device, be used in the secret user profile that is used for electronic trade of mobile Internet.
Though the present invention follows accompanying drawing to be described together with embodiment, be very clear to those those of ordinary skill in the art, can carry out variations and modifications and do not break away from aim of the present invention.
Claims (18)
1. the secrecy system of the personal information that exchanges during the Secure Transaction in the mobile Internet communication system comprises travelling carriage, and service server and Web (network) server is characterized in that, wherein:
Travelling carriage, the public keys that is used for the storage service server, receive the voucher of web server from service server, decipher voucher by the public keys that uses service server, so that check the version of voucher, be included in public keys in the voucher, the web server by use, produce the session key that is used in the Secure Transaction, and, come according to fail safe encrypt/decrypt personal information by using the session key produced and the public keys of web server;
The web server, be used for providing voucher to service server, generation is used for deciphering the safe key in the travelling carriage ciphered data, by key safe in utilization, come decrypt encrypted to arrive the session key of public keys, the session key personal information of encrypting and transmitting in travelling carriage by deciphering is decrypted; And
Service server, between travelling carriage and web server, be used for receiving voucher, when travelling carriage request safety is connected to the web server from the web server, send voucher to travelling carriage, and provide interface for the enciphered data of transmission/reception between travelling carriage and web server.
2. the system as claimed in claim 1 is characterized in that, wherein, when detecting the safety indication that comprises the predetermined class attribute in data, just is defined as the situation that travelling carriage request safety is connected to the web server.
3. system as claimed in claim 2, it is characterized in that, the encrypt/decrypt of wherein said data realizes according to Riverst-Shamier-Adleman (RSA) public key algorithm RSA Algorithm and SEED symmetric key algorithm, and described SEED symmetric key algorithm is based on by Korea S's data encryption standard of Korea S information security mechanism (KISA) exploitation.
4. the secrecy system of the personal information that exchanges during the Secure Transaction in the mobile Internet communication system is characterized in that, comprising:
Travelling carriage, receive the public keys of web server from service server, by using the public keys of service server, produce the session key that is used in the Secure Transaction, and, come according to fail safe encrypt/decrypt personal information by using the session key produced and the public keys of web server;
The web server, be used to produce public keys, provide public keys to service server, generation is used for deciphering the safe key in the travelling carriage ciphered data, by key safe in utilization, come decrypt encrypted to arrive the session key of public keys, the session key personal information of encrypting and transmitting in travelling carriage by deciphering is decrypted; And
Service server, between travelling carriage and web server, be used for receiving public keys, when travelling carriage request safety is connected to the web server from the web server, send public keys to travelling carriage, and provide interface for the enciphered data of transmission/reception between travelling carriage and web server.
5. system as claimed in claim 4 is characterized in that, also comprises a service server, is used for directly sending the personal information of described encryption between described travelling carriage and described web server, and need not carries out other interference by described service server.
6. system as claimed in claim 4, it is characterized in that, wherein the encrypt/decrypt of the described personal information of being undertaken by described session key is realized according to Riverst-Shamier-Adleman (RSA) public key algorithm RSA Algorithm and SEED symmetric key algorithm, and described SEED symmetric key algorithm is based on by Korea S's data encryption standard of Korea S information security mechanism (KISA) exploitation.
7. a time slot scrambling that is used for the personal information that sends from the travelling carriage with the mobile communication system of a web server communication through a service server is characterized in that, comprises step:
When travelling carriage request safety is connected to the web server, send voucher to travelling carriage from service server;
Reception is used for sending from described travelling carriage or described web server the request of described personal information;
Selectively encrypt described personal information with a predetermined form, to send in described travelling carriage or the web server to; With
By the personal information of one in described travelling carriage or the described web server described encryption of deciphering, and need not carry out any interference by described service server.
8. method as claimed in claim 7 is characterized in that, and is further comprising the steps of, after receiving the described request that sends described personal information, sends a voucher to described travelling carriage from described Internet service server.
9. method as claimed in claim 8, it is characterized in that, wherein said service server is registered the voucher of the described web server that will be sent to described travelling carriage in advance, when being connected with described web server with the described travelling carriage request of box lunch, the voucher that is stored in the previous registration in the described travelling carriage is updated.
10. method as claimed in claim 7 is characterized in that, wherein according to the generic attribute of the described request of the described personal information of transmission of being undertaken by described travelling carriage or described web server, and described data of encrypt/decrypt selectively.
11. method as claimed in claim 7, it is characterized in that, wherein the described encrypt/decrypt of the described personal information of being undertaken by described travelling carriage or described web server is realized according to Riverst-Shamier-Adleman (RSA) public key algorithm RSA Algorithm and SEED symmetric key algorithm, and described SEED symmetric key algorithm is based on by Korea S's data encryption standard of Korea S information security mechanism (KISA) exploitation.
12. one kind be used for have travelling carriage, service server, with personal information privacy's method of the mobile Internet communication system of web server, wherein, described web server is used to produce safe key and public keys, described service server is between web server and travelling carriage, be used for receiving public keys from the web server, it is characterized in that described method comprises step:
When the Secure Transaction of web server is arrived in the travelling carriage request, send public keys to travelling carriage from service server;
By using public keys, produce the session key that is used in the Secure Transaction by travelling carriage, by using session key and the public keys that is produced, come to encrypt personal information, and send the personal information of encrypting to the web server by service server according to fail safe; And
By the web server, the personal information that receives by service server, encrypt is deciphered encrypted session key, and personal information is decrypted by the session key of deciphering.
13. method as claimed in claim 12, it is characterized in that, also comprise the steps, between described travelling carriage and described web server, send the personal information of described encryption by described service server, and need not carry out other interference by described service server.
14. method as claimed in claim 12, it is characterized in that, wherein adopt the described encrypt/decrypt of the described personal information that described session key carries out to realize according to Riverst-Shamier-Adleman (RSA) public key algorithm RSA Algorithm and SEED symmetric key algorithm, described SEED symmetric key algorithm is based on by Korea S's data encryption standard of Korea S information security mechanism (KISA) exploitation.
15. time slot scrambling that is used for the data that send in the mobile Internet communication system, such communication system has a web server, be used for travelling carriage of described web server exchange data and with an agent service server of described travelling carriage and described web server communication, it is characterized in that the method comprising the steps of:
Connect by described travelling carriage request, to receive electronic data from described web server through described service server;
In response to the described request of described travelling carriage, produce a public keys and a privacy key by described web server;
Send described public keys to described travelling carriage by described web server, in described travelling carriage, to register;
Send a new voucher to described travelling carriage by described service server;
Whether the voucher by described travelling carriage decision previous registration in described travelling carriage is the same with the new voucher that receives from described service server;
If described new voucher is the same with the voucher of described previous registration, then use a session key that produces by the described public keys that receives from described web server to encrypt personal information by described travelling carriage, with the described public keys of encryption, to produce a symmetric key and to send the symmetric key of the personal information of described encryption and described generation to described web server through described service server; With
The described symmetric key that is received from described travelling carriage by the deciphering of described web server is got back to described session key and is used the session key and the described privacy key of described conversion with conversion, deciphers the personal information of described encryption.
16. method as claimed in claim 15 is characterized in that, also comprise the steps, if the described new voucher and the voucher of described previous registration are different, then by described travelling carriage from the described new voucher of described service server request.
17. method as claimed in claim 15 is characterized in that, also comprises step, is used the data that send to described travelling carriage from the described symmetric key encryption of described travelling carriage reception by described web server; Send described enciphered data to described travelling carriage and, use the described symmetric key before sent to described web server by travelling carriage, the described ciphered data that deciphering receives from described web server.
18. method as claimed in claim 15, it is characterized in that, wherein adopt the described encrypt/decrypt of the described personal information that described session key carries out to realize according to Riverst-Shamier-Adleman (RSA) public key algorithm RSA Algorithm and SEED symmetric key algorithm, described SEED symmetric key algorithm is based on by Korea S's data encryption standard of Korea S information security mechanism (KISA) exploitation.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1019990025510A KR20010004791A (en) | 1999-06-29 | 1999-06-29 | Apparatus for securing user's informaton and method thereof in mobile communication system connecting with internet |
| KR1999/25510 | 1999-06-29 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1316147A CN1316147A (en) | 2001-10-03 |
| CN1148035C true CN1148035C (en) | 2004-04-28 |
Family
ID=19597296
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB008012245A Expired - Fee Related CN1148035C (en) | 1999-06-29 | 2000-06-29 | Apparatus for securing user's information in mobile communication system connected to internet and method thereof |
Country Status (8)
| Country | Link |
|---|---|
| EP (1) | EP1101331A4 (en) |
| JP (1) | JP2003503901A (en) |
| KR (1) | KR20010004791A (en) |
| CN (1) | CN1148035C (en) |
| BR (1) | BR0006860A (en) |
| IL (1) | IL141692A0 (en) |
| TR (1) | TR200100592T1 (en) |
| WO (1) | WO2001001644A1 (en) |
Families Citing this family (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100368069B1 (en) * | 2000-07-06 | 2003-01-15 | 주식회사 케이티프리텔 | Communication method apt to impose fee using security protocol |
| US7033819B2 (en) | 2000-11-08 | 2006-04-25 | Surface Logix, Inc. | System for monitoring cell motility in real-time |
| US6893851B2 (en) | 2000-11-08 | 2005-05-17 | Surface Logix, Inc. | Method for arraying biomolecules and for monitoring cell motility in real-time |
| US6864065B2 (en) | 2000-11-08 | 2005-03-08 | Surface Logix, Inc. | Assays for monitoring cell motility in real-time |
| US7033821B2 (en) | 2000-11-08 | 2006-04-25 | Surface Logix, Inc. | Device for monitoring cell motility in real-time |
| JP3593979B2 (en) * | 2001-01-11 | 2004-11-24 | 富士ゼロックス株式会社 | Server and client with usage right control, service providing method and usage right certifying method |
| TWI224455B (en) * | 2001-01-19 | 2004-11-21 | Mitake Data Co Ltd | End-to-end encryption procedure and module of M-commerce WAP data transport layer |
| CN1504057A (en) * | 2001-03-16 | 2004-06-09 | 高通股份有限公司 | Method and equipment for providing secuve processing and data storage for wireless communication device |
| US7254712B2 (en) | 2001-06-12 | 2007-08-07 | Research In Motion Limited | System and method for compressing secure e-mail for exchange with a mobile data communication device |
| WO2002102009A2 (en) | 2001-06-12 | 2002-12-19 | Research In Motion Limited | Method for processing encoded messages for exchange with a mobile data communication device |
| JP2004532590A (en) | 2001-06-12 | 2004-10-21 | リサーチ イン モーション リミテッド | System and method for managing and sending certificates |
| JP4552366B2 (en) * | 2001-07-09 | 2010-09-29 | 日本電気株式会社 | Mobile portable terminal, position search system, position search method and program thereof |
| CN1554176B (en) | 2001-07-10 | 2012-12-05 | 捷讯研究有限公司 | Method for processing encrypted message in wireless mobile communication device and device for processing multiple access for encrypted contents |
| CN1138366C (en) * | 2001-07-12 | 2004-02-11 | 华为技术有限公司 | Network structure suitable for encryption at terminals of mobile communication system and its implementation method |
| ES2315379T3 (en) | 2001-08-06 | 2009-04-01 | Research In Motion Limited | SYSTEM AND METHOD FOR THE TREATMENT OF CODED MESSAGES. |
| US20030161472A1 (en) * | 2002-02-27 | 2003-08-28 | Tong Chi Hung | Server-assisted public-key cryptographic method |
| KR100458255B1 (en) * | 2002-07-26 | 2004-11-26 | 학교법인 성균관대학 | Methode for key distribution using proxy server |
| CN1191696C (en) | 2002-11-06 | 2005-03-02 | 西安西电捷通无线网络通信有限公司 | Sefe access of movable terminal in radio local area network and secrete data communication method in radio link |
| TW200423677A (en) | 2003-04-01 | 2004-11-01 | Matsushita Electric Ind Co Ltd | Communication apparatus and authentication apparatus |
| JP4576210B2 (en) * | 2003-12-16 | 2010-11-04 | 株式会社リコー | Certificate transfer device, certificate transfer system, certificate transfer method, program, and recording medium |
| US9094429B2 (en) | 2004-08-10 | 2015-07-28 | Blackberry Limited | Server verification of secure electronic messages |
| WO2007001287A1 (en) * | 2005-06-23 | 2007-01-04 | Thomson Licensing | Multi-media access device registration system and method |
| CN101052034A (en) * | 2006-04-19 | 2007-10-10 | 华为技术有限公司 | Method and system for transmitting network event journal protocol message |
| US7814161B2 (en) | 2006-06-23 | 2010-10-12 | Research In Motion Limited | System and method for handling electronic mail mismatches |
| JP2008028868A (en) * | 2006-07-24 | 2008-02-07 | Nomura Research Institute Ltd | Communication proxy system and communication proxy device |
| EP1984849B1 (en) * | 2007-02-23 | 2014-09-10 | KoreaCenter.Com Co., Ltd. | System and method of transmitting/receiving security data |
| KR100867130B1 (en) | 2007-02-23 | 2008-11-06 | (주)코리아센터닷컴 | System and method of transmitting/receiving security data |
| SG147345A1 (en) * | 2007-05-03 | 2008-11-28 | Ezypay Pte Ltd | System and method for secured data transfer over a network from a mobile device |
| CN101052001B (en) * | 2007-05-16 | 2012-04-18 | 杭州看吧科技有限公司 | System and method for P2P network information safety sharing |
| US8638941B2 (en) | 2008-05-15 | 2014-01-28 | Red Hat, Inc. | Distributing keypairs between network appliances, servers, and other network assets |
| US8375211B2 (en) | 2009-04-21 | 2013-02-12 | International Business Machines Corporation | Optimization of signing soap body element |
| CN103716349A (en) * | 2012-09-29 | 2014-04-09 | 西门子公司 | Medical image file transmission system, medical image file transmission method and server |
| JP2014143568A (en) * | 2013-01-24 | 2014-08-07 | Canon Inc | Authentication system and authenticator conversion apparatus |
| JP2014161043A (en) * | 2014-04-01 | 2014-09-04 | Thomson Licensing | Multimedia access device registration system and method |
| CN104539654A (en) * | 2014-12-05 | 2015-04-22 | 江苏大学 | Personal data filling system solving method based on privacy protection |
| CN109359472B (en) * | 2018-09-19 | 2021-06-25 | 腾讯科技(深圳)有限公司 | Data encryption and decryption processing method and device and related equipment |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5325419A (en) * | 1993-01-04 | 1994-06-28 | Ameritech Corporation | Wireless digital personal communications system having voice/data/image two-way calling and intercell hand-off |
| US5455863A (en) * | 1993-06-29 | 1995-10-03 | Motorola, Inc. | Method and apparatus for efficient real-time authentication and encryption in a communication system |
| US5371794A (en) * | 1993-11-02 | 1994-12-06 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in wireless networks |
| US6009173A (en) * | 1997-01-31 | 1999-12-28 | Motorola, Inc. | Encryption and decryption method and apparatus |
| FI113119B (en) * | 1997-09-15 | 2004-02-27 | Nokia Corp | A method for securing communications over telecommunications networks |
| WO1999019822A2 (en) * | 1997-10-14 | 1999-04-22 | Microsoft Corporation | System and method for discovering compromised security devices |
| FI105253B (en) * | 1997-11-11 | 2000-06-30 | Sonera Oyj | Generation of start value |
| FI974341A (en) * | 1997-11-26 | 1999-05-27 | Nokia Telecommunications Oy | Data protection for data connections |
-
1999
- 1999-06-29 KR KR1019990025510A patent/KR20010004791A/en active Search and Examination
-
2000
- 2000-06-29 BR BR0006860-8A patent/BR0006860A/en not_active IP Right Cessation
- 2000-06-29 CN CNB008012245A patent/CN1148035C/en not_active Expired - Fee Related
- 2000-06-29 JP JP2001506198A patent/JP2003503901A/en active Pending
- 2000-06-29 TR TR2001/00592T patent/TR200100592T1/en unknown
- 2000-06-29 WO PCT/KR2000/000689 patent/WO2001001644A1/en not_active Application Discontinuation
- 2000-06-29 IL IL14169200A patent/IL141692A0/en unknown
- 2000-06-29 EP EP00940992A patent/EP1101331A4/en not_active Withdrawn
Also Published As
| Publication number | Publication date |
|---|---|
| TR200100592T1 (en) | 2001-07-23 |
| EP1101331A4 (en) | 2005-07-06 |
| WO2001001644A1 (en) | 2001-01-04 |
| EP1101331A1 (en) | 2001-05-23 |
| JP2003503901A (en) | 2003-01-28 |
| IL141692A0 (en) | 2002-03-10 |
| CN1316147A (en) | 2001-10-03 |
| BR0006860A (en) | 2001-07-10 |
| KR20010004791A (en) | 2001-01-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1148035C (en) | Apparatus for securing user's information in mobile communication system connected to internet and method thereof | |
| EP0998799B1 (en) | Security method and system for transmissions in telecommunication networks | |
| EP0043027B1 (en) | Electronic signature verification method and system | |
| US9209969B2 (en) | System and method of per-packet keying | |
| US7073066B1 (en) | Offloading cryptographic processing from an access point to an access point server using Otway-Rees key distribution | |
| EP0689316A2 (en) | Method and apparatus for user identification and verification of data packets in a wireless communications network | |
| CA2730588C (en) | Multipad encryption | |
| US20060195402A1 (en) | Secure data transmission using undiscoverable or black data | |
| CN108566395A (en) | A kind of document transmission method, apparatus and system based on block chain | |
| CN1234662A (en) | Enciphered ignition treatment method and apparatus thereof | |
| CN101558599B (en) | Client device, mail system, program, and recording medium | |
| CN1689297A (en) | Method of preventing unauthorized distribution and use of electronic keys using a key seed | |
| CN111797431B (en) | Encrypted data anomaly detection method and system based on symmetric key system | |
| CN1455341A (en) | Method for long-distance changing of communication cipher code | |
| Patel | Information security: theory and practice | |
| CN110955918A (en) | Contract text protection method based on RSA encrypted sha-256 digital signature | |
| CN102404329A (en) | Method for validating and encrypting interaction between user terminal and virtual community platform | |
| CN1612522B (en) | Challenge-based authentication without requiring knowledge of secret authentication data | |
| CN1949196A (en) | Method, device and system for storage data in portable device safely | |
| US20020184501A1 (en) | Method and system for establishing secure data transmission in a data communications network notably using an optical media key encrypted environment (omkee) | |
| KR100381710B1 (en) | Method For Security In Internet Server Based Upon Membership Operating System And Server Systems Regarding It | |
| JP2001203687A (en) | Data transmission method | |
| KR20060120127A (en) | Information encryption transmission/reception method | |
| JP4655459B2 (en) | Password verification system, password verification method, password verification program, card payment system using password verification system, and door management system using password verification system | |
| JP2004112571A (en) | Mobile communication terminal, encryption system, mobile communication method, and encryption method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: WD Ref document number: 1037072 Country of ref document: HK |
|
| C19 | Lapse of patent right due to non-payment of the annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |