# Method for secure communication in network, communication device, network and computer programme therefor

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to methods of providing secure communication in a network. The method comprises: an administration device provided with root keying materials, and steps of: generating, by the administration device based on the root keying materials, parts of keying material of a first node containing a certain number of sub-elements, and parts of keying material of the first node, assembled for generating a first terminated key, the administration device selects a subset of sub-elements of the first parts of the keying material, wherein the number of selected sub-elements is less than or equal to the total number of sub-elements of the first parts of the keying material, and the selected sub-elements form partial parts of the keying material of the first node or a symmetrical key generation mechanism, the first node generates, based on the symmetrical key generation mechanism of the first node and on a second node identifier, a first key used to provide secure communication with a second node.

EFFECT: more secure data transmission in a network.

6 cl, 7 dwg

The technical FIELD TO WHICH the INVENTION RELATES.

The present invention relates to a method of security relations and communication networks, which are communication devices that use security tools such as encryption to ensure security ties. This invention finds application mainly in communication networks, such as mobile wireless networks of sensors and actuators (WSN), and more specifically in wireless medical networks for control patients or other personal networks, such as network equipment, lighting, networking, building automation, network of automobile equipment.

PRIOR art

Because these applications require special handling such a network it is necessary to provide such security services like confidentiality, authentication, integrity, and authorization.

Encryption systems used in conventional communication networks typically provide security services based on cryptographic methods to secure connections. For cryptographic methods are required cryptographic keys.

More specifically, in some networks, containing the principal objects, or nodes, which should be very effective from the point of view of cost, normally used is t symmetric cryptography to provide the required security services. Indeed, in such networks, such as wireless sensor networks, nodes usually have limited resources, namely, from the viewpoint of battery power, bandwidth, processing power or memory. The security methods based on asymmetric cryptography, thus in General consider or ineffective, or unenforceable in such nodes.

The main problem with symmetric cryptography lies in the distribution of keys, i.e., in establishing a shared secret keys in the nodes that belong to the network and have the need to securely communicate. This problem is particularly strong in WSN, because of their size can vary from tens to tens of thousands of nodes, and their essence can be very dynamic, for example, the network topology may not be known in advance.

Cryptographic keys are distributed and installed between objects parties involved through a variety of ways, based on public-key cryptography, key distribution center, or other conventional techniques. In particular, during the last years the study was performed constructions of schemes for key distribution in sensor networks. Were the proposed scheme random pre-distribution of keys, schema key distribution based on varitelnogo center or the use of public-key cryptography. In many of these schemes it is possible to find a compromise between safety and efficiency. For example, in schemes with random pre-distribution of keys to each node in the WSN distribute a certain number of keys W, randomly selected from a pool of keys M. Thus, for the two nodes, there is a probability p share a common key, which depends on W and M, and from the possibility of establishing a secure communication line. However, these schemes can be hacked using the capture node and the stored keys. In addition, this requires the storage of a relatively large number of keys, for example, between 50 and 200, which is equivalent to 500 or 2000 bytes for 100-bit keys. Based on public key schemes key agreement requires the storage of one key, but the algorithms for key generation is very complex. In addition, this system is still slow, from a computational point of view, as a few seconds are required for handshake key negotiation. Some common schemes for key distribution are schematic distribution of the key material, which is called "alpha security", in which a node that belongs to the network directly provide not ready cryptographic key, and some site-specific key material, which provides him the opportunity to calculate the key, which is shared with another node in the network to ensure secure communications. This site-specific information is part of the key material obtained from the root of the key material contained in the device network administration. These schemes provide "alpha security offer a compromise between efficiency, availability, and security. The main drawback of these systems relates to the fact that the root key material is such that the grip of alpha nodes, and thus combining parts of key material "alpha" compromises the entire root key material.

The INVENTION

The objective of the invention is to propose a way to ensure the safety of links in the network, overcoming the aforementioned drawback and thus increase the efficiency of conventional key distribution.

Another object of the invention is to provide a network in which capture any number of nodes does not compromise the network.

Another object of the invention is to establish an effective distribution of keys, which reaches a much higher level of security than the schema key distribution security "alpha-safety" prior art, while minimizing the resource requirements of the network nodes.

The independent claim from which retene, which is attached to this description, define various aspects of the present invention. The dependent claims define additional features that can be used in the embodiment of the invention to increase its benefits.

The present invention provides for performing secure communication between the first node and the second node in the network, which further comprises a device administration, provided the mechanism of generation of the symmetric key (SKGE).

For this purpose, the present invention provides a method of providing secure communications between the first node and the second node in the network, which further comprises a device administration, provided the mechanism of generation of the symmetric key (SKGE). The mechanism of generation of the symmetric key SKGE(.) is a cryptographic unit that provides the first object party, Alice, to generate a pair with any other party's network, for example, with Bob, the key that has three desirable working properties. First of all, it is computationally much more efficient than asymmetric handshake for key negotiation. Secondly, the mechanism of generation of the key can be stored very efficiently, i.e., it requires memory, equal to several bytes, compared with N-1 keys trivial the Noah scheme of distribution of symmetric keys. Third, this mechanism is difficult to crack.

For community SKGE object R_{A}for example a node is defined as a structure that provides the object, R_{A}quickly and effectively to generate symmetric keys with any other object, R_{Z}in the system for a given ID of another object. SKGE object R_{A}based on the same secret key material KM_{A}. This secret information is the Union of some number n of sets of key material KM_{A-j}generated from n independent parts MILES'_{A-j}key material. Part of MILES'_{i-j}the key material for various objects R_{i}generate a root key material KM^{root}_{j}.

Root key material KM_{A-j}and part of MILES'_{i-j}key material_{}are, for example based on the well-known mathematical functions used in cryptography. These mathematical functions can include polynomials, matrices, combinatorial structures, etc., Mathematical operations can be performed over a finite field, or other mathematical structure, such as algebraic structures, including groups, fields, rings, vector spaces, and so on

Work SKGE contains the following stages, which are:

device administration is investing generates, based on the root key material, such as polynomial root key materials, and the ID of the first node in the set of parts of the key material to the first node, for example, in the form of the first polynomial, and each the first part of the key material is divided into sub-elements,

device administration selects a subset of the sub-elements of the first parts of the key material, for example the coefficients of the polynomials, and the number of sub-elements chosen for each of the first part of the key material that is less than or equal to the total number of sub-elements of this first part of the key material, and the selected sub-elements form a partial part of the key material of the first node or the mechanism of generation of the symmetric key,

device administration sends a partial portion of the key material of the first node on the first node, and

the first node generates, based on part of the partial key material of the first node or on the mechanism of generation of the symmetric key and the identifier of the second node, the first key, which is used to ensure the security of communications with the second node.

This method for generating the symmetric key increases schemes for key distribution, because the site provide only share part of the key material of the first node so even the capture of a large number of nodes does not allow an attacker to extract the original root key material.

In addition, the mechanism of generation of the symmetric key can combine a number of elements coming from different parts of the key material generated from operations of mixing different root key materials, for example, performed over different finite fields.

An additional feature of security refers to a configurable level of security through the use of key parts of the material and parts of the root key material of varying complexity. For example, if the root key material is a polynomial, then the selected degree of the polynomial can be used to provide a compromise between computational complexity and security.

In addition, because the host provide a smaller number of elements, thus, a smaller number of bits, the memory requirements for storing these items minimize, and computational requirements for generating a partial key is also reduced.

In another embodiment, the root key material is a symmetric bivariate polynomial. This characteristic indicates that if the second node to provide part of a partial key material, calculated in the same way, as part of the key material of the first node, and generate a second partial key with the NGOs, this second key to the first key.

In yet another embodiment of the invention the root key material is a polynomial of degree 1 with coefficients in a finite field GF(q)_{n}where q_{n}is a Prime number equal to 2^{n}-1, where n is an integer.

In another embodiment, the means of generating the symmetric key object developed by combining elements from a number of parts of polynomials generated from a number of two-dimensional polynomials of different degrees and on different finite fields. The Association performed so that the actual generation parts polynomial perform in relevant fields, but the mechanism of generation of the symmetric key combines elements and operations that are common to all these fields.

Another aspect of the invention relates to a device administration, which provides root key material in the network, which additionally contains the node. Device administration contains:

means for generating, upon receipt of the ID of the node that part of the key material node, based on the root key material, and each of the key material is divided into sub-elements mentioned part of the key material of the site;

means for selecting a subset of the sub-elements of the first part is about the key material for the development of the mechanism of generation of the symmetric key. The number of sub-elements selected from each part of the key material, is less than or equal to the total number of elements of this pidentifier for forming a partial part of the key material node, adapted for generating the first key,

means for distributing node fractional part of the key material node

Another aspect of the invention relates to a network containing the device administration, which is described above, and the communication device. The communication device provides the identifier and the mechanism of generation of the symmetric key, and it contains:

means to transmit its ID to the device administration

- means for receiving from the device administration fractional part of the key material node

- means for receiving the ID of another node, and

means for generating, based on the accepted mechanism of generation of the symmetric key or part of a partial key material node and adopted the identity of another node, key for communication with another node.

These and other aspects of the invention will be explained in relation to the embodiments described hereinafter, and will be apparent from them.

BRIEF DESCRIPTION of DRAWINGS

The present invention will now be described in more detail, by way of example, will accompany the selected drawings on which:

Fig. 1 represents a network according to the invention, which contains the device administration and two nodes.

Fig. 2 is a structural diagram that shows the sequence of operations of the method according to the invention for the underlying mechanism generating the symmetric key.

Fig. 3 shows a typical process of key generation in the main mechanism generating the symmetric key.

Fig. 4a shows the process of generating a key according to the invention.

Fig. 4b shows another process of generating a key according to the invention.

Fig. 4c shows a variant embodiment of the invention, in which the sub-elements selected from the two parts of the polynomial generated from two different two-dimensional polynomials on two different finite fields, combine to create a mechanism of generating the symmetric key object R. In this figure we depict only the elements that belong to a modular multiplications.

Fig. 5 depicts the root bits of key material, involved in the generation of some sub-elements SKGE, when a two-dimensional polynomial of degree is used as the root key material.

DETAILED description of the INVENTION

The present invention relates to a method of security relations in the network. An exemplary sequence of operations of such method will be described next is e with Fig.1, which show the network according to the invention, and Fig.2, which shows a block diagram of a sequence of operations on the network. Fig.2 includes some sample elements used in the development of the basic mechanism generating the symmetric key.

This network contains the device 2 administration, provide root key material during phase configuration CONFIG. In an exemplary embodiment, the root key material is a symmetric bivariate polynomial F(x, y) of degree 1 with coefficients in a finite field GF(q). The polynomial can be written as follows: F(x, y) =a_{00}+a_{01}x+a_{10}y+a_{11}xy, where a_{01}=a_{10}.

In one embodiment, the implementation of the characteristic of GF(q) is simple, the number of Mersenne q_{n}=2^{n}-1, where n is an integer, for example, n=17, 127 or 521.

During this phase configuration CONFIG each node (N1, N2) network, respectively, provide the identifier (ID1, ID2). These IDs have a length of r bits, where r is an integer that is less than n. In the example, r is equal to the integer part of n/3. This phase configuration in the General case occurs during the phase preceding the commissioning of the network, i.e., before the nodes will actually attach to the network.

Once the nodes have been enacted, the device administration generates, in the time phase GENER,
complete part a key material for the node N1 based on the root key material F(x, y) and the identifier ID1. Finished part of the key material for the node N1 is equal to f_{ID1}(y)=b_{ID1_1}*y+b_{ID1_0}where the coefficients of this polynomial is calculated as follows: b_{ID1_1}=a_{10}+a_{11}*ID1(mod q) and b_{ID1_0}=a_{00}+a_{01}*ID1(mod q). These operations are performed modulo q, as all other operations performed in this way, because the system operates over a finite field GF(q).

Then briefly described the process of generating a key according to a conventional method, to explain then the improvements of the present invention, based on SKGE.

Such conventional process will be described in relation to Fig.3, with the following assumptions:

- root key material provided in the device administration, is F(x, y)=a_{00}+a_{01}x+a_{10}y+a_{11}xy, which can be decomposed into the multipliers in the form F (x, y)=(a_{00}+a_{01}x)+(a_{10}+a_{11}x)y,

the coefficients F(x, y) expressed in the form of three concatenated segments

the network contains two nodes, identifiers which are R and V.

The first step is the generation of the key material for a node R by evaluating F(x, y) when x = R, then generating the F_{R}(y) = b_{R_0}+ b_{R_1}*y.

This assessment is shown in the upper part of f is, 3:

- in the upper left part is the computation of b_{R_0}=(a_{01}R+a_{00}) (mod q), and

- in the upper right part is the computation of b_{R_1}=(a_{11}R+a_{10})mod(q).

Then, in the conventional system a meaningful part of the key material generated by the device administration, transmit to node R, i.e., six segments: b_{R_0-1}b_{R_0-2}b_{R_0-3}b_{R_1-1}b_{R_1-2}b_{R_1-3}.

When the connection must be established between node R and node V, ID V provide on site R so that it could generate a complete key for secure communication. This key is the pair key that is agreed on both nodes. It is calculated using estimates of the key material node F_{R}(y) when y=V. This calculation is shown in the lower part of Fig.3. The calculation of b_{R_1}*V+b_{R_0}provides key K, which consists of three concatenated segments K1, K2 and K3.

Elements W1 and z1 correspond to the transfers, which depend on the size of the finite field.

In such a conventional system, all segments of the finished part of the key material of the node passed to this site. Accordingly, if a large number of nodes captured, the attacker can compromise the root key material and thus the entire system. In this case, the two captured node will be enough to compromise the corn is the first key material, as used polynomials of degree 1.

Hereinafter will be described in relation to Fig.2 and 4, the improvements offered by the present invention, to address, among other disadvantages, this security problem.

Returning to the sequence of operation of Fig. 2, after generating the finished part of the key material node N1, with ID1, device administration chooses to stage SELECT, some segments of different coefficients to generate a partial part of the key material.

These segments, which are also called sub-elements is chosen in such a way as to provide the ability to generate part of the finished key. Thus, in an exemplary embodiment, the device administration distributes the node N1 only the following factors: b_{ID1_0-3}b_{ID1_1-1}and b_{ID1_1-3}shown in bold line squares in Fig. 4. These elements, which form a partial portion of the key material, then distribute to the node N1.

Then, when the connection must be established between the nodes N1 and N2, the identifier ID2 is passed to N1 and perform the process of key generation (KEY GEN). As can be seen in Fig. 4, if node N1 provide only b_{ID1_0-3}b_{ID1_1-1}and b_{ID1_1-3}he cannot calculate all the key elements K1, K2 and K3, but can generate the most significant bits of the key K.
The reader can understand this by analyzing the relationship between different parts of the odds and made modular operations. Partial key K3 is then used to encrypt the links between node N1 and node N2.

Similarly, in one embodiment, the exercise device administration also generates part of the key material of the second node based on the root part of the key material and the ID of the second node, and part of the key material of the second node has a second form of the polynomial that has the same number of coefficients as the first coefficients. The second part of the key material in order to generate a second final key. The coefficients of the second polynomial of this part of the key material of the second node is shared as well as the coefficients of the first polynomial, i.e., each coefficient is divided into three sub-elements. Then the device administration chooses some sub-elements of the coefficients of the second polynomial for the formation of a partial portion of the key material of the second node and transmitting it to the second node.

The elements selected for the coefficients of the second polynomial correspond to the elements selected to provide a partial part of the key material of the first node. In this context, the term "relevant elements" means elements to the that are in the same position,
i.e., b_{ID2_0-3}b_{ID2_1-1}and b_{ID2_1-3}that represent the third element of the first factor, and the first and third elements of the second factor.

Based on part of the key material of the second node and the identifier of the first node, the second node generates a second partial key used for security ties with the first node. Since the root key material is a symmetric polynomial, and since the corresponding sub-elements selected from a partial part of the key material of the first node and part of the key material of the second node, the second partial key value to the first partial key. In addition, this second partial key is the second part of the finished key.

It should be noted that in the present embodiment, use only the most significant bits of the result key, i.e. two principal object that use this version of the implementation of a simple mechanism of generation of the symmetric key can only agree the high-order bits of K3. This is because operations are performed "outside source" field GF(q), and some information is lost. In particular, none of the principal objects does not store information, which includes the impact of transfers in the phase of generation of the key. However, this impact is minimal, since the probability distribution is s transfer decreases with the number of bits.
In particular, we can prove that two nodes can agree on a common key with probability 1 - 2^{-b}after removal of most b bits of the result key.

In addition, the proposed system of the invention also provides the ability to improve the efficacy of conventional systems Alfa-security". In fact, because the site provide only part of the partial key material, memory resources to store the pieces of key material and computational requirements for calculating keys smaller than in the conventional system.

The following table 1 show details of memory requirements and computational requirements of the three system configurations according to the first embodiment of implementation:

The size of the finite field | q=2^{127}-1 | q=2^{521}-1 | q=2^{127}-1 |

The number of segments | 1 | 1 | 3 |

The size of {ID, b_{R-1-3}b_{R-0-3}} | [127/3]=42 bits | [127/3]=173 bits | [127/3]=42 bits |

The size of the b_{R-1-0} | 43 is it | 175 bits | 43 bit |

Memory requirements | 127 bits | 521 bits | 381 bit |

(Consolidated) key size K'_{3} | About 40-bit | About 160 bits | About 120 bits |

The computing needs | The multiplication of 42×42 bits Multiplication 42×43 bits Add 42+42 bits | Multiplication 173×173 bits Multiplication 175×173 bits The addition of 173+173 bits | 3 multiplication 42×42 bits 3 multiplication 42×43 bits 3 adding 42+42 bits |

These three configurations allow you to minimize the memory, because only a few bits, and computing needs, because you only need to perform two modular multiplication and one summation.

The security on this basic version of the implementation of the mechanism of generation of the symmetric key relies on the fact that the attacker cannot recover the true root key material from parts of the partial key material distributed nodes, i.e., the information used for SKGE.

To show the security SKE,
first, compare this concept with a well-known concept of a block cipher. A block cipher is an encryption scheme, working with blocks of plain text, fixed length. A block cipher consists of two transformations: the transformation of the encryption c=E_{K}(m) and the transformation decrypt m'=D_{K}(c). K is a secret key used in both transformations. The principal object Alice can use the E_{K}(.) for message encryption key K and send it to Bob. Bob can use the same key and the decryption transformation D_{K}(.) to decrypt a received encrypted message and obtain the original message. If you anticipate the attack on the plaintext, i.e., the attacker knows a pair of unencrypted and encrypted message {m_{i}c_{i}}, then the attacker can try to recover the secret key K. the Attack on SKGE in some sense similar. An attacker can capture a certain number of nodes, receiving a number N_{c}pairs {R_{i},KM_{i}}, where KM_{i}- this is a key material used in SKGE object R_{i}. The attacker seeks to restore the root key material that is used when generating mechanism generating the symmetric key for each object in the system when using the captured N_{C}pairs {R_{i},KM_{i}}. If you compare this is an attack with an attack on a block cipher,
we can say that the root key material SKGE plays the same role as the encryption key in a block cipher. In addition, the pair {R_{i},KM_{i}} similar pairs of open/cyfrowego text.

As explained above, this is the main SKGE can be attacked using compromised a number N_c pairs {R_{i}, KM_{i}}. In this case only describe the sequence of operations of attacks:

Preliminary information:

* KM_{i}contains three sub-elements {b_{ID2,0,3}b_{lD2,1,3},_{}b_{lD2,1,3}} as shown in Fig. 3. {b_{lD2,1,3},_{}b_{lD2,1,3}} are part of the coefficient b_{1}=a_{11}*ID+a_{01}(mod q) shared resource polynomial of degree 1 associated with the node ID1.

* Experiments show that the security of the system depends strongly on the ratio a_{11}root key material. It is easy to understand because all bits are only a_{11}participate in the generated keys. The strong influence of a_{11}security is also due to the fact that it is the only element that performs a modular operation. Therefore, an attacker can crack this specific SKGE, restoring a_{11}.

Is the process of restoring a_{11}using capture a certain amount of N_{c}pairs {R_{i},KM_{i}}.

* Take the subitems {b_{
lD2,1,3},_{}b_{lD2,1,3}} two objects R_{A}and R_{B}. As these sub-elements derived from b_{R-1}=a_{11}*R+a_{01}(mod q), we can calculate the difference between them, i.e., {b_{RA,1,3},_{}b_{RA,1,3}}-{b_{RB,1,3},_{}b_{RB,1,3}}, and thus get the result strongly correlated with b_{RA-1}-b_{RB-1}=a_{11}*(R_{A}-R_{B}) (mod q). Result {b_{RA,1,3},_{}b_{RA,1,3}}-{b_{RB,1,3},_{}b_{RB,1,3}} has length 2*k bits, while b_{RA-1}-b_{RB-1}has length 3*k bits, with k=[n/3]. You can write:

Then, computing the inverse of (R_{A}-R_{B}) over GF(q), you can directly get:

k bits (n ≈ 3*k) a_{11}you can get this way.

For the remaining 2*k bits, the attacker can do the following: he is looking for a pair of objects (R_{A}, R_{B}) so that the difference between the R_{A}and R_{B}sought 1. This can be done for a certain number of steps. In the end, the attacker can generate or find a pair (R_{A}-R_{B})=1 so that the corresponding values associated with these two IDs are equal (a_{11}

The expected number of pairs of N_{c}needed for this, should be equal to approximately 2*k.

Another attack is set based on the interpolation of various points. Over finite field of any function can be represented as a polynomial function. This polynomial function can be generated using Lagrange interpolation.

This attack on the above main SKGE can be compared with other attacks on other cryptographic structure, such as a block cipher. In many block ciphers security of the system depends on the number of cycles used for message encryption. The same block cipher using multiple cycles may be vulnerable to various kinds of attacks, such as linear, differential or interpolation attacks.

Similarly, in various embodiments, implementation of the present invention, a secure mechanism for key generation can contain one or more of the following features to increase its security:

- The use of more complex functions of the root key material, for example using polynomials of degree > 1 to increase system security. The increase in the degree of the polynomials can be compared with the increase in the number of cycles of a block cipher.

Intellectual unifying the parts of the key material generated on different mathematical structures, such as rings or fields that are the same or different size, with the same or different about what arazyme, with the same or different complexity, to achieve the best mix of information. For example, you can use the root key material based on a number of bivariate polynomials over various fields, some parts of the polynomial are generated for a certain number of objects by evaluating the two-dimensional polynomials with the identifier of each of these objects. Sub-elements of these parts polynomial over finite fields then combine to create SKGE each object.

- Another improvement relates to the development of operations in SKGE so that the attacker cannot recover the actual key material. This optimization applies to mixing and merging operations performed directly in SKGE to make impossible the detection of attackers, from which parts of the key material, a root key material generated subelements SKGE.

Some of these explanations can be better understood if we compare them with the work of block ciphers. For example, block ciphers use a certain number of cycles in the transformation of the encryption or decryption. The greater the number of cycles, the higher the security. Block ciphers also tend to mix the bits to create a stirring and make recovering the secret key of labour of the poor. The more complex functions in the design SKGE, is also in order. Next are a number of more complex embodiments SKGE using the above improvements.

SKGE BASED ON POLYNOMIALS of LARGE DEGREE

Basically the embodiment, as the root key material using a two-dimensional polynomial of degree α=1, i.e. f(x,y)=^{n}- 1, and the system IDs are chosen so that they had a length of_{j}calculated as b_{j}=*ratio*] bits. Ratio, without loss of generality, equal to 2*α+1. For α=1 the ratio is equal to 3 (main variant assests the deposits).

In particular, sub-elements, which correspond to the SKGE, can be described as: c_{0}=b_{0}(mod2^{k}); c_{10}=b_{1}(mod2^{k}); c_{11}=b_{1}>>(n-k); c_{20}=b_{2}(mod2^{k}); c_{21}=b_{2}>>(n-2k); c_{30}=b_{3}(mod2^{k}and c_{31}=b_{3}>>(n-3k). SKGE for the node N1 can be used to generate key using N2 as

In this particular example you can see that the complexity of key generation is increased, thus increasing the computing requirements, but achieving the best mix.

In the General case, the operation for SKGE node N1, which is used as the root key material two-dimensional polynomial of degree α over finite field CF(2^{n}- 1) to generate the key using the node N2 can be written as:

In this case, k =_{0}C_{10}..., C_{i0},... C_{α0}C_{11}..., C_{j1},...C_{α1}contain subelements SKGE object N1 and depend on the coefficients of the original polynomial as:

This equation is a more General definition of the basic variant implementation SKGE described at the beginning of e is th document, in which use only two-dimensional polynomial with α=1.

Each of these subelements SKGE object N1 depends on α+1 coecients of the original root of the two-dimensional polynomial. In Fig. 5 4 depict the ratio of the original root key material {A_{33}, A_{23}, A_{13}, A_{03}} that are involved in the generation of factor b_{3}part of the polynomial for the node N1. Also indicate two sub-elements {C_{30}C_{31}} SKGE that generate from b_{3}. The coefficients are divided into k-bit blocks. Blocks marked with X are the units that are involved in the generation of elements SKGE. These generated elements SKGE marked XX.

Additionally, the actual number of bits of the root key material involved in key generation, divided by the size of the generated key increases. Implying that two SKGE generate a key of the same length, and the second SKGE uses the root key material of higher complexity, such as two-dimensional polynomials of higher degree, then the attacker must determine more information on what to do harder. Therefore, the use of more complex mathematical functions as the root key material for SKGE, for example polynomials of high degree, makes it difficult to restore the root key material. Therefore, it appears that th is alpha determines the complexity and security SKGE.

The coefficients a_{ij}two-dimensional polynomial can be represented as a symmetric matrix.

Assuming that the generated key is a block of k bits in length, the coefficients of the two-dimensional polynomial of degree α has length 2*α+1 k-bit blocks. In this case, use the same ratio, which is defined above. For two-dimensional polynomial of degree 1 there are four coefficients {α_{00}α_{01}; α_{01}α_{11}}. Each of them is divided into three blocks of length k bits. This separation is convenient to analyze which parts of the root key material have an impact on the bits of the elements SKGE {C_{0}C_{i0}}. This can be understood, for example, by analyzing Fig.4b. From it you can get some conclusions:

- First, for a polynomial of degree α, the elements SKGE {C_{0}C_{i0}} with 1≤i≤α have a length of only one unit, but have influence on α+1 and_{i1}} SKGE, when 1≤i≤α, the complexity of α, the length i of the blocks and are dependent on the

- Secondly, in the generation of elements SKGE participate all bits of coefficient of only the highest degree. This is equivalent to say that the "real" modular operation is used only for this factor.

SKGE, BASED ON the aggregation of TWO POLYNOMIALS OVER DIFFERENT FINITE FIELDS

More complex and secure SKGE can be created by taking the two-dimensional polynomial f_{k}(x, y)=_{1}) and GF(q_{2}). In particular, q_{1}you can take as a simple number of Mersenne in the form 2^{n}-1 and q_{2}another Prime number in the form 2^{n}-2^{[n/3]}-β. In this case, β is the smallest positive integer for which 2^{n}-2^{[n/3]}-β is a Prime number. These particular values are chosen in such a way that:

(i) part of the polynomial generated from these two polynomials have an impact on various fields, but

(ii) the floor is still quite similar to combining some elements of those parts of the polynomial, and

(iii) SKGE each object create, as a Union of sub-parts of polynomials generated on two different finite fields. It may be noted that this particular implementation is intended for mathematical functions of low complexity for approximate polynomial degree 1, but the Association of various mathematical structures, such as fields of different orders of magnitude, fields and rings, etc. can be given for the mathematical structures of higher complexity, such as polynomials of higher degree.

The basic concept of this specific variant of the implementation shown in Fig. 4 and Fig. 4c. In this case you can see the result of multiplying two elements α_{A}and α_{B}n bits in length ID R [n/3] bits in length.

The length of R is chosen so that the modular multiplication R*α_{A}and R*α_{B}has a length of 4*[n/3] bits. Due to the special shape of the selected fields, [n/3] most bits of these 4*[n/3] bit length results affect [n/3] most bits of both results and [n/3] most bits after applying modular operations in the case of the second field GF(q_{B}). The left part of Fig. 4 represents, therefore, the multiplication over the finite field GF(2^{n}-1). This multiplication can be any multiplication, shown in Fig. 3, which is involved in, for example, generation of the key parts of the material the material for these objects.

With this in mind, the system that uses this approach works as follows. The object configuration uses two of the above two-dimensional polynomial to generate a total of four parts of a polynomial of two objects N1 and N2. This is performed in the usual way, i.e., evaluating both two-dimensional polynomial with the variable x for the identity of both objects. Four parts of a polynomial:

Where i and j in g_{Ni|j}(y) indicate, respectively, whether part of the polynomial to N1 or N2, and do calculations over GF(q_{1}or over GF(q_{2}). Each of the coefficients of these parts polynomial divided into various sub-elements, as done in the case of the basic variant implementation. For example, b_{N1|1-Q}can be considered as the concatenation of three elements, i.e.,

where || is concatenation. In the same way

The object configuration takes into account the special form of the fields involved in the calculation of the elements that will contain SKGE both objects as the Union of sub-parts of the polynomial. In particular, if the three elements SKGE node Ni {C_{i-0}C_{i-10}C_{i-11}} when i={1, 2}, then:

General operation SKGE node Ni, for a given ID, the other is on node Nj, is as follows in this embodiment:

It should be noted that the elements {C_{i-0}C_{i-10}C_{i-11}} SKGE receive, as the addition of two sub-elements from different parts of the polynomial. If you remove the second sub-element during each of the summation, then return to the main option exercise SKGE.

This enhancement introduces interesting features that make the attack on SKGE difficult. Root key material contains, in this particular case, the polynomials over fields in different order. If the attacker wants to perform the same attack as in the main embodiment, it will find a major obstacle. Indeed, now he will not be able to calculate the inverse of ID, as it is a member of two different fields. Additionally, in the previous attack on the main SKGE it was stated that the security system is based on the ratio α_{11}. Detailed analysis shows that in this particular and exemplary embodiment, the attacker must find 4*[n/3] bits instead of n bits, making the analysis more difficult. In this sense, the method of measurement reliability SKGE refers to the ratio between the number of bits of the root key material involved in the generation of sub-elements containing SKGE, and the length of these sub-elements SKGE in bi is Ah.

This concept can be further developed, mixing a number of sub-elements, generated from more than two parts of the key material, such as part of the polynomial, and associated with different root key materials, such as a two-dimensional polynomials over finite fields.

Another improvement, which use some root key materials on various algebraic structures, such as field refers to the pooling of simple and extended finite fields, for example, two fields, one uses a simple number for unit operations, and the other of order p^{r}and p a Prime number, uses the polynomial for simplifications. The reason is that the operation is "incompatible" because of the nature of these fields.

From the above example it seems that the attacker cannot distinguish whether the subelements that contain SKGE generated from one part of the key material or of their associations.

However, knowing this information can provide an opportunity for an attacker to perform a more intelligent attack to restore root key material. This gives the possibility of additional improvements, which relates to the generation SKGE containing sub-elements from a number of different elements of key material, Shen is registered from a different root key materials, and to store parameters of a secret key of the root key material. These parameters may relate to the type of mathematical structure, for example, field, ring, or vector space, and to their complexity, for example, the field size or the degree of the polynomial.

Finally, another improvement of the system based on the use of several pieces of key material generated from different root key materials, refers to the fact that the elements and operations needed to generate the key in SKGE, you can arrange to hide the actual values of the parts of the key material. To show this, take four different parts of the key material object N1, generated from four different root key materials. Assume that each part of the key material extract two elements, namely

except the last, from which is extracted three elements. Also assume that SKGE contains three distinct elements {C_{i only 0.4}C_{i-10,4}C_{i-11,4}}, as in the basic embodiment, SKGE, and that the key is generated as

In this case, the actual elements SKGE are combining the above elements, selected from different parts of the key material, in this particular PR is as they unite as follows:

As part of the key material independent of each other, then the different elements affect each other. Thus, this approach makes more difficult the recovery of actual real parts of the root key material.

FINISHED DESIGN SKGE

This design SKGE is based on two previous designs. This design is motivated by the fact that in SKGE based on a single two-dimensional polynomial of degree α, only all bits of the coefficient α_{α,α}participate in calculation parts/keys polynomial. The reason for this is that the above schemes have been developed with the relationship between field size and key size equal to_{α,α}includes the impact of modular operations, the impact of the rest of the coefficient is smaller. In fact, their influence can be compared to the influence of non-modular operations. Additionally, there is only one root key material. Thus, the system is still very linear.

To solve this problem describe the complete design SKGE, including α+1 two-dimensional polynomials as the root key material of degrees 1, 2..., α and α, respectively. In tamopradhan embodiment, these two-dimensional polynomials are over the following fields:

and 2^{n}- 1 is a Prime number greater than 2^{(2α+1)k}.

In this case, assume that SKGE generates a key length of k bits. The form of the Prime number q_{i}=2^{(2i+1)k}-2^{(i+1)k}-β_{i}2^{(i+1)k-1}-1 for polynomial of degree i rely on the following facts. Element 2^{(2i+1)k}appears from the desired number of k-bit blocks" for the coefficients of the root key material. 2^{(i+1)k}necessary to have a modular operation that affect i the oldest k-bit blocks, or in other words, j*k most of the high bits. 1 choose, to be able to combine operations, i.e., to generate the key using only parts of the polynomial. Finally, the element β_{i}2^{(i+1)k-1}_{}is used to obtain the Prime numbers. The value of "beta" is the smallest positive integer for which β_{i}2^{(i+1)k-1}_{}is a Prime number.

The idea is to develop a system in which the modular operation f_{1}(x, y) depends on the coefficients of degree 1 f_{2}(x, y), and so on; the same for f_{2}(x, y) and f_{3}(x, y). In General, the contribution of the f_{i}(x, y) affects all polynomials with higher ID {i + 1, i + 2,..., α + 1}.

These designs combine the advantages of both the above SKGE and also provide new. First, this si theme is designed
that all bits of the coefficient of the highest degree of all polynomials involved in key generation. This is especially important, as these factors are factors that are involved in unit operations. Secondly, the use of different size, which is measured in bits, thus making the inversion of any element is much more difficult. In particular, because the same identifier used in the generation of these four polynomials, and these polynomials over various fields, it is very difficult to calculate the inverse element ID to restore part or all of the coefficients root key materials. This fact also makes it much harder to attack on the basis of interpolation, because now the attacker seeks to approximate the behavior SKGE by a polynomial. However, this polynomial must include the impact of information created in different fields and under the influence of unknown bits. This makes the expected degree of the polynomial interpolation is very high, and thus, the system is very flexible. Thirdly, the order of the fields is chosen so that the sub-elements generated from parts of the key material (parts polynomial) of various root key materials (i.e., two-dimensional polynomials f_{1}(x, y), f_{2}(x, y), f_{3}(x, y) or f_{4}(x, y)), violated each other, making the reduction of Olenye true root key material more difficult.
This is a violation refers to the influence of the coefficient of the highest degree of the polynomial f_{i}(x, y) on the coefficients of the polynomials with higher ID, such as f_{i->1}(x, y). Additional fact refers to the influence of the modular operations due to item 2^{(i+1)k}in simple numbers. These elements have a strong influence on the elements SKGE in the form of C_{i,1}by introducing non-linear effect, which actually appears because of the different polynomials over finite fields. The relationship between other elements [C_{0}C_{i0}} SKGE and the ratios of the root key material remain the same as they were before, with the difference that these elements also depend on all α+1 root key materials. Thus, the operation used in the algorithm for SKGE remains unchanged with respect to operations, which is presented in the section "SKGE based on polynomials of degree > 1". This SKGE:

becomes now:

Where the elements SKGE {C_{0}C_{i1}C_{j1}} generate, as a Union of elements α+1 parts of the key material, following the above approaches. Now this expression is much harder to approximate, for example, by means of interpolation techniques, because these items re-enter the non-linear impact of unit operations on the different end is diversified fields.

Implementation of the system requires modular multiplications long integers, if the complexity of the system increases, i.e. if you select a large value of α. In this case, a compromise between efficiency and security. The higher the complexity SKGE, the higher the security level. This is comparable with the work of block ciphers, in which the security of the cipher depends on the number of cycles. This compromise is particularly challenging, since the number of multiplications grows exponentially. This can be understood by analyzing the latest**,**the above SKGE. The element j in the above sum includes the multiplication of two elements j*k bits in length. Even though this is a mobile operation, it is very costly for large values of j. Efficiency calculation also depends on the second elementbut not so much. For the i-th index, there is a multiplication of two elements k and i*k bits in length. In Fig.9 shows the exponential growth of multiplications. It should be noted that in this case refer to the number of k-bit multiplications.

The system efficiency can be optimized by slightly modifying the above expression SKGE and doing some preliminary calculations. Describe three changes or modifications are defined as follows.

First, the node N1 can transform WriteLine to compute the degree of N2 for both elements

and

This can be done effectively by evaluating them in a recursive manner. This requires α k-bit multiplications. In the General case:

Secondly, given the above pre-computed degrees of N2, the contribution of the secondin the above SKGE can be calculated as the multiplication of the k most bits of the i-th degree N2 and element SKGE C_{i,0}. This reduces the number of required k-bit multiplications with α(α+1)/2 to α, i.e., the multiplier (α+1)/2.

The third optimization improves the efficiency of the third

the above SKGE. To understand this, you can observe the multiplication of two elements A and B 4-k bits in length. In this case, the selected operands 4-k bits in length without loss of generality. A and B contain 4 sub-elements, each of length k bits. This multiplication represents a specific multiplication

when i=4. The result of multiplying a variable C of length 8*k bits. However, you do not need to have all of C, but only k bits C. Therefore, the calculation of each of the elements in the sumyou can replace the optimized version. This optimized expression terms of calculation forshown below. Should the tmetal,
C_{j1}and N^{j}_{2}contain j k-bit elements each. These elements are

and

This means that this optimized generation of the j-th element of the sumprovides the ability to reduce the number of k-bit multiplications with the j^{2}up to 2*j-1. As usual and as stated above, this approximation requires the removal of some bits of the result, because this optimization does not include the effect of the previous items, so it does not include the impact of migration originating from summirovanii. However, this is insignificant fact, if k is large enough, and especially if you compare the efficiency of the system with and without the above three optimizations. These optimization therefore provide SKGE high complexity. In this case, complexity refers to the complexity of the restoration of the initial root of two-dimensional polynomials, since higher values of α introduces a greater number of polynomials.

All of the above training can be applied to the development of other SKGE. Additional design approaches include the use of identifiers, performing a certain amount of random properties, to minimize the potential at the to the system, preventing the restoration of the true root key materials attacker. In addition, it should be noted that the system described in this document, you can easily configure for key agreement between a large number of objects participating in the use of multivariate functions, such as multivariate polynomials.

The technical features described in the present description, you can find a wide range of applications.

A major application is the use of security embodied in wireless networks of sensors. Such networks are, for example:

- network medical sensors for comprehensive control patients. In these networks the nodes are in General nodes-sensors placed on the patient and having small resources from the point of view of memory and computing power;

intellectual equipment, such as a distributed lighting equipment, building automation, networking, automotive equipment, or any other network that you want to install and follow the rules of access control;

more specifically, any wireless sensor network based on IEEE 802.15.4/ZigBee.

The present invention can also be combined with other systems and methods, such as lightweight digital certificates, for example, it is trojstvo with limited resources, such as nodes-sensors or pocket personal computers. Lightweight digital certificate consists of a set of attributes associated with the object for validation and authentication of the object. This set of attributes may include the digital object identifier (name, profession and so on), roles, access control, and other parameters.

In addition, the present invention may open new opportunities in the following areas:

- Secure broadcasting in wireless sensor networks or telecommunication networks: indeed, the base station in the network can store the root key material and each node of the multiple nodes in the network. Thus, the base station may use the root key material to encrypt messages using not susceptible to cryptanalysis part of the key material, as provided in the present invention.

- Create a fully secure e-tickets in a variety of telecommunication applications. SKGE provides many other applications, which include the fight against counterfeiting. In this application different, but correlated SKGE can be embedded in every product that provides a signature for the uniqueness of the product. For example, in a digital document can be a source digital sequence, for example, zimoveiskaya, slightly modified by a random sequence. For example, you can randomly change the bits are some of the pixels in the digital image. Checksum file this information can be determined by calculating a hash function, and use the output of the hash to generate elements SKGE from the secret root key material for this digital document. Elements generated SKGE implement the same digital document, for example, in the lower bits of some pixels of the digital image. This approach takes into account illegal copies, based on the use SKGE, copied digital documents can be tracked and fake documents do not include the correct SKGE.

In the present description and the claims indefinite article preceding an element does not exclude the presence of many such elements. Additionally, the word "comprising" does not exclude the presence of other elements or steps than those listed.

Placing the reference designators in parentheses in the claims is intended to assist in understanding and is not intended to limit.

After studying the present disclosure specialists will be obvious other modifications. Such modifications may involve other features which, already known from the prior art secure connections and can be used instead of or in addition to those already described in this paper features.

1. The security links between the first node (N1) and the second node (N2) in the network (1), optionally containing device (2) administration, provide root key materials containing a symmetric polynomial with a couple of variables, denoted x and y, and the method comprises the following steps, which are:

device administration generates (GENER), based on the root key materials, a couple of pieces of key material containing:

- part of the first key material to the first node (N1), and a portion of the first key material contains a set of coefficients of the first polynomial with one variable obtained by evaluating symmetric polynomial in x=ID1, ID1 is the ID of the first node; and

- part of the second key material to the second node (N2), and part of the second key material contains a set of coefficients of the second polynomial with one variable obtained by evaluating symmetric polynomial in y=ID2, ID2 is the ID of the second node,

- coefficient, divided into a number of segments so that each part of the first the key material and part of the second key material contains the corresponding segments,
having the appropriate positions, respectively, in the first polynomial with a single variable and the second polynomial with one variable; and

- part of the first and second key material is arranged to generate a complete key to ensure the security of connections between the first node (N1) and the second node (N2),

device administration select (SELECT) the corresponding segments of the first key material so as to form part of the first partial key material, and device administration further selects the corresponding segments of the second part of the key material so as to form part of the second partial key material, whereby the corresponding segments selected from a portion of the first key material, and the corresponding segments selected from a part of the second key material, have corresponding positions, respectively, in the first polynomial with a single variable and the second polynomial with one variable, and the number of selected segments is less than or equal to the total number of segments, available in parts of the first and second key material,

device administration passes a portion of the first partial key material and part of the second partial key material respectively on the first node and the second the second node so that
to allow the first node and the second node to generate the first partial key and the second partial key, respectively based on the identifier of the second node and the identifier of the first node, and the first partial key and a second partial key are identical and are used to ensure the security of connections between the first and second node.

2. The method according to p. 1, in which the root key material contains a variety of symmetric polynomials.

3. The method according to p. 2, in which the efficacy and safety of the mechanism generating the symmetric key are determined by a number of secret or public structures, including the number of symmetric polynomials, the complexity of symmetric polynomials, mathematical patterns that result in the generation of the key parts of the material, or the parameters of the root key material.

4. The method according to p. 2, in which symmetric polynomials are chosen over some finite fields so that:

device administration generates a pair of parts of the key materials for the first node of the pair of symmetric polynomials, performing operations over different finite fields,

device administration share a couple of pieces of key material into segments and selects segments so that SF is to reroute a couple of pieces of first partial key material,

the segments selected for the formation of a pair of units of the first partial key material combine to obtain the Association of the units of the first partial key material that allows the first node to generate a key with the second node based on the identifier of the second node, whereby the operations required to generate the key, are out of the fields.

5. The device (2) administration, provide root key material containing a symmetric polynomial with a couple of variables, denoted x and y in the network (1), further containing the first node (N1) and the second node (N2), and device administration contains:

means for generating (GENER) a couple of pieces of key material containing:

- part of the first key material to the first node (N1), and a portion of the first key material contains a set of coefficients of the first polynomial with one variable obtained by evaluating symmetric polynomial in x=ID1, ID1 is the ID of the first node; and

- part of the second key material to the second node (N2), and part of the second key material contains a set of coefficients of the second polynomial with one variable obtained by evaluating symmetric polynomial in y=ID2, ID2 is the ID of the second node,

- coefficient, RA is shared by a number of segments so that
each of the first key material and part of the second key material contains the corresponding segments having corresponding positions, respectively, in the first polynomial with a single variable and the second polynomial with one variable; and

- part of the first and second key material to generate a complete key to ensure the security of connections between the first node (N1) and the second node (N2),

means to SELECT the corresponding segments of the first key material so as to form part of the first partial key material, and device administration further selects the corresponding segments of the second part of the key material so as to form part of the second partial key material, whereby the corresponding segments selected from a portion of the first key material, and the corresponding segments selected from a part of the second key material, have corresponding positions, respectively, in the first polynomial with a single variable and the second polynomial with one variable, the number of selected segments is less than or equal to the total number of segments, available in parts of the first and second key material, and

means for transmitting part of the first partial key material and part of the second h is a partial key material respectively to the first node and the second node so that
to allow the first node and the second node to generate the first partial key and the second partial key, respectively based on the identifier of the second node and the identifier of the first node, and the first partial key and a second partial key are identical and are used to ensure the security of connections between the first and second node.

6. Network (1) containing device (2) administration under item 5 and the communication device provided by the identifier (ID1), and contains:

means to transmit its ID, device administration,

- means for receiving from the device administration part of the partial key material,

- means for receiving the identifier (ID2) of the other node, and

means for generating (KEYGEN), based on the received pieces of partial key material and adopted the identity of another node, key for communication with another node.

**Same patents:**

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering and specifically to means of secure communication in a network. The method relates to secure transmission of information from a first node (N1) to a second node (N2) in a network, the first node comprising a first node keying material (KM(ID1)), the second node comprising a second node keying material (KM(ID2)), wherein the keying materials of the first node and of the second node comprise each a plurality of shared keying root parts formed by segments of the shared keying root parts. A communication network, having at least two communication devices, carries out said method.

EFFECT: safer communication by dividing keys into segments for predistributed keying material according to a variable distribution.

13 cl, 5 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. A method of controlling access to a set of channels using a receiver/decoder comprising a security module (SC), each channel being encrypted by a specific channel control word (CW1, CW2), each channel having a channel identifier and transmitting access control messages ECM containing at least the current channel control word and the channel access conditions. The method comprises the following steps: tuning to a first channel having a first channel identifier (ID1); transmitting the ID1 to the SC; receiving first access control messages ECM1 containing a first control word (CW1); transmitting the first access control messages ECM1 to the SC; decrypting the first access control messages ECM1 and verifying the channel access conditions; if the access conditions are met; transmitting the CW1 to the receiver/decoder; storing of the CW1 and the ID1 in the SC; tuning to a second channel having a second channel identifier ID2; transmitting the ID2 to the SC; calculating, by the SC, the second control word (CW2) by performing the following steps: calculating a root control word (RK) with an inverse cryptographic function F^{-1} using the CW1 and the ID1; calculating the CW2 with the cryptographic function F using the RK and the ID2; transmitting the CW2 to the receiver/decoder.

EFFECT: reducing channel switching time when a user selects another channel.

9 cl, 3 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to distribution of a cryptographic secret key between a transmitting side and a receiving side. An apparatus for secure reception and transmission of data comprises a key generation controller and a unit for providing the number of iterations.

EFFECT: facilitating automatic control of security and latency for generating a cryptographic secret key by setting a number of iterations, based on which the number of messages to be exchanged while generating the cryptographic secret key is controlled.

11 cl, 17 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to a wireless communication device. The device includes: a plurality of communication modules for transmission, which are adapted to modulate and transmit a transmission object signal; the communication modules for transmission include at least one communication module for transmission in which a modulation method is employed, which is different from the modulation method employed in another communication module(s) for transmission.

EFFECT: transmitting a signal appropriately even with low carrier frequency stability.

20 cl, 78 dwg

FIELD: radio engineering, communication.

SUBSTANCE: network component having a processor connected to memory and configured to exchange security information using a plurality of attributes in a management entity (ME) in an optical network unit (ONU) via an ONU management control interface (OMCI) channel, wherein the ME supports a plurality of security functions that protect upstream transmissions between the ONU and an optical line terminal (OLT). Also included is an apparatus having an ONU configured to connect to an OLT and having an OMCI ME, wherein the OMCI ME has a plurality of attributes that support a plurality of security features for upstream transmissions between the ONU and the OLT, and wherein the attributes are transmitted via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT.

EFFECT: high security of data transmission in PON systems.

20 cl, 5 dwg, 6 tbl

FIELD: radio engineering, communication.

SUBSTANCE: quantum cryptographic system not only enables to detect any attempts at intruding into a communication channel, but also guarantees unconditional secrecy of transmitted cryptographic keys under the condition that an error at a receiving station in primary keys does not exceed a certain critical value. The method involves generating polarisation states at a receiving/transmitting station for a series of classic synchronising laser pulses using a polarisation controller in one arm of an interferometer and a polarisation controller at the output of the interferometer, which facilitate interference balancing of the interferometer; after reflection from a mirror in a transformation station, a series of single-photon states is detected at the transmitting/receiving station and the obtained photocount statistics are used to calculate the permissible error, which is then compared with a certain error threshold to obtain a cryptographic key known only at the transmitting/receiving and transformation stations.

EFFECT: wider range of possible distortions of polarisation of laser and single-photon pulses when transmitting keys between transmitting/receiving and transformation stations, in which is guaranteed the secrecy of cryptographic keys and the lifting of the condition of using a special Faraday mirror.

2 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to authentication methods and specifically to methods and an apparatus for authentication of subscribers in IP telephony networks. The technical result is achieved due to that the disclosed method for authentication through a user device when attempting to access an IP telephony network comprises steps of: obtaining one or more private keys of said user from secure memory associated with said user device; generating an integrity key and a ciphering key; encrypting said integrity key and said ciphering key using a session key; encrypting said session key with a public key of said IP telephony network; and providing said encrypted session key, encrypted integrity key and encrypted ciphering key to said IP telephony network for authentication using a public key infrastructure (PKI) coupled with an authentication and key agreement (AKA) mechanism.

EFFECT: more secure communication.

7 cl, 4 dwg

FIELD: information technology.

SUBSTANCE: entity having namespace ownership rights may create a document in an authorised namespace and sign the document with a private key. Other entities may validate that the document was created by an authorised namespace owner by using a public key available in security data associated with a parent document of the document. For a root document, the public key may be available from a directory service. A namespace owner may change the namespace owner(s) that are allowed to create children of a document.

EFFECT: protecting documents from unauthorised access.

20 cl, 9 dwg

FIELD: radio engineering, communication.

SUBSTANCE: there are two peers with knowledge of a common Diffie-Hellman permanent key, K_{perm}, and the identity and public key of the other peer. A first peer chooses a first ephemeral private key x and calculates the first corresponding ephemeral public key g^{x}, which is sent to the second peer. The second peer calculates a second ephemeral public key g^{y} in the same manner, and an ephemeral shared key K_{eph}, hashes g^{y}, K_{eph}, K_{perm}, and its identity, and sends g^{y} and the hash to the first peer. The first peer calculates K_{eph}, verifies the hash, and hashes g^{x}, K_{eph}, K_{perm}, and its identity, and sends it to the second peer that verifies this hash. Thereafter, both peers obtain a session key by hashing K_{eph}. The apparatus may then use the session key to establish a secure authenticated channel (SAC).

EFFECT: high cryptographic robustness of a secure authenticated channel.

5 cl, 1 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method of cryptographic key (120) generation is proposed for protection of communication between two objects (202, 204), besides, this method is performed by the first object (202, 302) as a part of a distributed safety operation initiated by the second object (202, 304), and includes stages, when: at least two parameters (106, 108) are provided (306), of which the first parameter (106) contains or is produced from a row of cryptographic keys (110, 112), calculated by the first object (202) when performing the safety operation, and the second parameter contains or its produced from a marker (116), having a different value at each initiation of the safety operation by the second object (204, 304) for the first object (202, 302); and a key production function is applied (308) to generate a cryptographic key (120) on the basis of the provided parameters (106, 108). Besides, the market (116) contains the excluding OR of the serial number <SQN> and anonymity key <AK>.

EFFECT: improved safety of communication.

20 cl, 10 dwg

FIELD: communication systems.

SUBSTANCE: system has receiver, transmitter, processing element, connected to receiver and transmitter and controlling receiver and transmitter, digital rights module, connected to processing elements and controlling operation of communication device in digital rights environment on domain basis, while digital rights module of communication device together with dispenser of domains of digital rights environment on domain basis is made with possible selective addition of communication device to domain, owning one or several communication devices, which together use a cryptographic key.

EFFECT: possible selective retrieval and decoding of digital content on basis of membership in a domain.

10 cl, 11 dwg

FIELD: data transfer technologies.

SUBSTANCE: device which should be transmission destination, is authenticated, and if device is not authorized, then encrypted data, read from memorizing device, are decoded to produce decoded data, which are then encrypted again on basis of data of specific device key, received from device, which should be transmission destination for receiving re-encrypted data. Re-encrypted data are then transferred to device, which should be transmission destination.

EFFECT: forbidden unauthorized copying of data.

8 cl, 13 dwg

FIELD: electric communications and computer engineering, in particular, methods and devices for cryptographic transformation of data.

SUBSTANCE: the essence of method is in generation of binary vector, appropriate for date and time of discontinuous message transfer, generation of binary vector of secret parameter, generator of binary identification vector and addition thereof to discontinuous message. Message is different from known methods because it includes additionally forming a random binary vector and binary vector of protection key, while binary vector of secret parameter is formed by double compressing of random binary vector, while binary identification vector is formed by transformation in circle of residue class by module p of binary vector, appropriate for data and time of transfer of discontinuous message and binary vector of secret parameter.

EFFECT: rejection of false messages, increased speed of process of confirming authenticity of discontinuous message.

1 dwg

FIELD: ciphering key transmission methods and systems.

SUBSTANCE: according to proposed method same information K_{c} is afforded for more than one receivers 1 pertaining to receiver group G; each receiver saves SA_{i} information unambiguously assigned to the latter. K_{c} information is determined by expression K_{c} = f(K,b_{i}SA_{i}), where f is desired function; K is information common to all receivers; b_{1} is information different for each receiver and for each value of information K. Each receiver is given access to information b_{1} prior to submitting information K_{c}. Information K is transferred to all receivers directly prior to submitting information K_{c} so that each receiver can calculate the latter using mentioned expression.

EFFECT: simplified design and enhanced response of system to piratical cards.

13 cl, 2 dwg

FIELD: data transmission.

SUBSTANCE: in accordance to the invention, data of content of input digital data is encrypted on basis of data of first key, which is then encrypted on basis of function, generated on basis of a random number, and data of second key, generated with usage of data of specific key of device and common key data. During decoding, encoded data is received, consisting of encrypted content data, encrypted first key data, random number and common key data, second key data is generated on basis of specific device key data and common key data, encrypted first key data is decoded on basis of generated second key data and function, generated on basis of random number, encrypted content data is decoded on basis of decoded data of first key.

EFFECT: unauthorized data copying is prevented.

2 cl, 13 dwg

FIELD: data transfer.

SUBSTANCE: in accordance to the invention, digital data are decoded, which are encrypted on basis of specific device key data, which is supposed to be transmission destination, data is extracted from decoded encrypted data, which is related to copying conditions, and recording of decoded encrypted data into recording device is performed on basis of extracted data, related to copy allowing conditions.

EFFECT: prevented unauthorized copying of data.

2 cl, 12 dwg

FIELD: information encryption.

SUBSTANCE: method includes forming quantum photonic status sequence on the transmitting station to encode encryption keys and transmission of these statuses via open space to receiving station; at that, the distance between the stations is previously measured and clock on both station is synchronised; then, transmitting station converts quantum photonic statuses to one- or multiphoton orthogonal statuses and measures their sending time, which is sent to receiving station; the receiving station measures receiving time of the one- or multiphotonic quantised statuses, determines delay value, using which decoding and eavesdropping are performed.

EFFECT: provision of encryption key security during its long-distance transmission via open space, provision of long-term stability and reducing error stream in transmitted encryption keys on receiving station.

3 dwg, 2 tbl

FIELD: information technology.

SUBSTANCE: system and the method of information protection in computer networks based on key distribution, includes numerous units and a trust centre (TC). All the units are connected with one another and with the TC by communication channels. Each unit of the network and the TC has executive processor circuit as well as memory. TC includes the pseudo-random number generator designed to generate long-term keys, key blocks, primary incidence sub-matrix of lower size for building the incidence matrix (IM) of the required size; to form half-weight columns with the required number of binary bits for building the IM of the required size on the basis of the primary lower-size sub-matrix, with the extension capacity of the IM depending on the number of the network units communicating to one another to transfer the formed key blocks to the network units involved in the data exchange process through the communication channels. One key block corresponds to each unit; the processor executive circuits of the network units form the common secret key in order to ensure confidentiality while exchanging information between the units.

EFFECT: simplification of the key distribution method.

10 cl, 2 dwg

FIELD: information systems.

SUBSTANCE: invention refers to the data processing systems and, particularly, to the methods and devices providing cryptographic protection in the data processing system. The broadcasting key, renewed through a long lapse of time, is encrypted using a registration key and is periodically supplied to a user. The key with a short-time renewal is encrypted using the broadcasting key. The short-time key is available with each broadcasting message, thereat the information, sufficient for calculating the short-time key, is provided in the internet protocol header preceding to the broadcasting content. The broadcasting messages are then encrypted using the short-time key, thereat the user encrypts a broadcasting message using this short-time key.

EFFECT: creation of protected and efficient method of keys renewal in the data processing system.

24 cl, 30 dwg

FIELD: information technologies.

SUBSTANCE: invention refers to data transmission, specifically to effective cryptographic data transmission in real-time security protocol. Transmitting terminal can be used for data decoding with session key received from bitstream. Bitstream can be transmitted with head information to transmitting terminal. To maintain bandwidth the information can be divided into parts, and each part is transmitted with encrypted data package. Transmitting terminal can be used for restoration of bitstream from information parts comprising package headers, and use of bitstream for session key receiving. Session key can be used for data decoding.

EFFECT: higher cryptographic security of transferred data.

24 cl, 6 dwg