RussianPatents.com

Method for transferring messages while providing for confidentiality of identification signs of interacting objects in communication network

IPC classes for russian patent Method for transferring messages while providing for confidentiality of identification signs of interacting objects in communication network (RU 2253948):

H04L9/32 - including means for verifying the identity or authority of a user of the system (security arrangements for protecting computers or computer systems against unauthorised activity G06F0021000000; dispensing apparatus actuated by coded identity card orcredit card G07F0007080000; specially adapted for wireless communication networks H04W0012000000)

Another patents in same IPC classes:

Method for transferring messages while providing for confidentiality of identification signs of interacting objects in communication network / 2253948
Method for transferring messages while providing for confidentiality of identification signs of communication system objects with interaction of devices of communication system subscribers through central device for each communication session cryptographic conversion of subscriber device identifier is performed using encryption key of current subscriber device, while during said cryptographic conversion symmetrical cryptographic algorithm is used and two message transfer modes are taken in consideration, on initiative from subscriber device to central device and vice versa.

Method for forming and checking of message certified with watermark / 2258315
Previously for sender and receiver a binary series of digital watermark k-bit long is formed as well as binary series of secret key, message is certified at sender side using binary series of digital watermark and secret key, certified message is sent to receiver, where authenticity of received message is checked using binary series of digital watermark and secret key.

Method for activation of pki functions on intellectual card / 2258324
Server generates one-time activation code, sends it to user via intellectual card in cell phone and when user inputs an activation code in his cell phone, inputted code is transmitted to server for verification, in case of positive result server sends a command to phone to provide for access, which opens access to appropriate set of functions of intellectual card, while portion of functions can contain, for example, PKI-functions, which were concealed and inaccessible for user until said moment, after that user can select his own PIN-code for authentication, encoding and signature for transactions, and, concerning activation of PKI functions, generation of necessary secret and open keys, and also necessary certification are carried out after verification of activation code.

Method for complex protection of distributed information processing in computer systems and system for realization of said method / 2259639
System has center of certification, forming and distribution of keys, at least one user device and at least one distributed data processing server. Method describes operation of said system. Subsystem for forming open keys contains memory block for tables of secret substitutions of columns and rows of secret keys tables, memory block for table of symmetric substitution of columns and rows of external key table, register for sequence of transitive connection between rows of secret substitutions tables, block for logical output on sequence of transitive dependence, memory block for table of relative non-secret substitution of columns and rows of external key table, open key register, input commutation block and control block.

Protection means / 2260840
Protection means has key module and blocking module. Mobile communication system has protection means and communication port. Method describes operation of said protection means and mobile device.

Method for protecting computer networks against unauthorized attack / 2271613
Proposed method that can be used in attack detection systems for on-line detection and blocking of unauthorized attacks in computer systems including Internet involves presetting of list of authorized connections as aggregate of reference connection identifiers, introduction of factor of urgency of reference authorized-connection identifiers and list of names of authorized processes, generation of list of unauthorized connections received in the course of checkup due to introduction of maximal admissible quantity of any of probable unauthorized connections, and their counting.

Device and method for controlling transmission of decoding keys / 2273959
Each one of variants of information protection systems for controlling access to protected information has hardware means for storing at least one data element, including decoding key and appropriate information protection code, while information protection code sets number of operations of passage of decoding key, and first user, connected to encoded information, can determine through information protection code, whether second user can transfer code for information protection to third user, while number of generation of data is requested each time after receipt of query for transferring decoding key to another user and is decreased for one unit for each request, and as soon as it reaches zero, system denies all further requests.

Portable device and method for accessing device activated by key data / 2274899
Device has saved standard, containing fingerprint of authorized user, combined with verification code. In case of match between fingerprint of authorized user with one stored in memory, verification code if generated. Device activated by key periodically transmits an identifier, on receipt by access device of identifier, matching one of identifiers stored in memory, appropriate access key is extracted and sent to device activated by key to allow access to user.

Authentication method for stationary regional wireless broadband access systems / 2278477
In accordance to method, two main procedures are performed - authentication of client station and, also, authentication of base station.

Method for using a pair of open keys in end device for authentication and authorization of telecommunication network user relatively to network provider and business partners / 2282311
Method for checking rights of user of end telecommunication device for using a service, while device for accessing telecommunication network receives at least one certificate and identification data from telecommunication end device, after that network control device together with certification device checks, whether certificate, confirming identification data, is valid and whether it has positive status, whether additional privileges are given by additional certificates, and if that is so, then secret data is transferred to access device (session key), which are also transferred to telecommunication end device in form, encrypted by at least an open key, and access device provides free access by taking a decision, appropriate for rights of user of telecommunication network.

FIELD: information protection.

SUBSTANCE: method for transferring messages while providing for confidentiality of identification signs of communication system objects with interaction of devices of communication system subscribers through central device for each communication session cryptographic conversion of subscriber device identifier is performed using encryption key of current subscriber device, while during said cryptographic conversion symmetrical cryptographic algorithm is used and two message transfer modes are taken in consideration, on initiative from subscriber device to central device and vice versa.

EFFECT: protection from unsanctioned access to identifiers of devices of system subscribers transferred via communication channels, in particular when providing for confidentiality of messages identification signs in communications systems with multiple subscriber devices.

6 dwg

The invention relates to the field of protection of information transmitted over communication networks, in particular the confidentiality of messages transmitted in digital radio communications, satellite communications, cellular communications and computer networks.

In telecommunications systems, in particular in digital communication systems, decision making about facilities of interest to some classes is based on the verification identification and authentication features. The process of assigning the object to a group of objects or a single, a priori known, the object is called the identification and confirmation of the claimed identification features is called authentication. When this authentication process is usually carried out on the basis of some well-known interacting parties characteristic stored in the secret. IDs usually are not confidential and are available to an outside observer, for example, during the identification process. At the same time, there are systems in which all identifiers must be kept secret (for example, to ensure neotlazhennosti messages).

Known methods and devices are described in patents US 4268715, H 04 L 9/00, 19.05.1981 [1], US 4281215, H 04 L 9/00, 28.07.1981 [2], GB 2099195, H 04 L 9/00, 19.04.1979 [3], which allows to solve the problem of confidentiality of identity is bjectiv in communication channels of the type "point-to-point. Devices that implement this method in General consists of a random number generator module unidirectional algorithm (e.g., cryptographic algorithm, cryptographic module. These methods are based on the formulation of the interacting parties session key using an identifier of the subscriber communication system and generated for each communication session random number. Production is carried out by the module unidirectional algorithm. A random number generated for a communication session is transmitted in the clear. In these methods, confidentiality of identity among multiple subscribers only possible when using each pair of interacting subscribers only known them a secret parameter (cryptographic key) unidirectional algorithm. In this case, when the message is received by the subscriber system raises the task of establishing a session key link by searching all available keys unidirectional algorithm and corresponding identifiers that is associated with a significant consumption of the computing resource.

The known method EP 0564825, H 40 L 9/00, 05.03.93 [4], allowing the identification and authentication of objects (messages) on the same block in the communication channels of the type "point-to-point. This method requires that the tsya is that the authentication information is generated by desiroush conversion (CRC or hash function) from the object identifier of the message sender and the message being authenticated. Thus, the authenticator generated at the relying party will coincide with the submitted only if you used the same identifiers. This method can be used to ensure the confidentiality of the identity, if desiroush conversion to use an algorithm of type secret hash function.

In this case, as in the methods described in patents[1], [2], [3], confidentiality of identity among multiple subscribers only possible when using each pair of interacting subscribers known only to them setting (cryptographic key) hash function, which leads to the need of busting the subscriber of all available keys of the hash functions and their corresponding IDs in the development of the authenticator in the received message, which is associated with significant consumption of the computing resource.

Also known way US 457830, H 04 L 9/00, 24.06.1981 [5], which allows to ensure the confidentiality of the user IDs of the communication system, such as a star, when they are transmitted. This method is based on encrypting the IDA is tification using generated at each session a unique session key. Encrypted identifiers transmitted in the communication channel with the session key, which in turn is protected using a key known to the interacting objects. The disadvantage of this method is the necessity unprotected identify objects through which users interact with the system. Identification of objects can be done by unprotected transmission of the identifiers in the communication channel or by using a communication channel that is intended only for this object.

The closest to this invention to the technical essence is the way US 5889861, H 04 L 9/00, 30.03.1999 [6], which allows to ensure the confidentiality of the object IDs of the communication system, such as a star, when they are transmitted via communication channels (for example, in the authentication process). In this way the objects of the communication system is divided into Central device (base station) and devices of subscribers of the communications system (mobile station). To ensure the confidentiality of device IDs of the subscribers make their encryption using an asymmetric cryptographic algorithm and the modified time of the public key of the Central device of the communication system. This Central device is broadcasting the updated public key devices of subscribers who have basic communication system, which when it is received carry out the conversion of their identifiers used in the communication channels. The disadvantage of this method is significantly greater demands on computing resource consumed compared to methods using symmetric cryptographic algorithms.

The technical result of the invention is the provision of protection against unauthorized access in transmission device IDs of the subscribers of the communication system, providing for the confidentiality of the identification features of messages in communication systems with multiple devices of the subscribers.

The technical result is achieved in that in the communication system built on the principle of the star, the identity of the interacting objects are encrypted using a cryptographic transformation on the keys, known only to the interacting objects (encrypted identifiers are called disposable IDs), and use random IDs. As a cryptographic transformation can be used, for example, any symmetric block cipher (GOST 28147-89, DES, AES, and so on, see, for example, CMORE A., Modern applied cryptography, Moscow, Helios ARV, 2002, p.24-26 [7]).

For this purpose, the method of message transmission by ensuring confidential the particular identifying features of interest communication system with communication devices of subscribers of the communication system via the Central unit, namely, that for each communication session, perform the cryptographic transformation of the device ID of the subscriber on the key with this device of the subscriber, when a cryptographic transformation using a symmetric cryptographic algorithm and implement two modes of message transmission on the initiative of the subscriber device to the Central device or on the initiative of the Central device to the subscriber's device, since any of these modes, with each subscriber's device assign a random identifiers and encryption keys stored on a Central device in the transmission mode at the initiative of the subscriber realize transmission of messages with a random identifier of the subscriber device to the Central device, communication system, in which as the device ID of the subscriber use only stored in the subscriber's device and the Central device is a random identifier of the subscriber device, the Central device stores the encryption keys and all random identifiers are assigned to the devices of subscribers, when receiving from the network connection request, the connection of the Central unit performs the identification of the source of the message by comparing the identifier of the received message is stored with uchinami IDs of all devices of subscribers, when the corresponding random identifier in the message Central unit determines the subscriber's device, selects the corresponding encryption key and performs further interaction on the initiative of the Central unit, which forms synchrophasing and its use by the cryptographic conversion device ID of the subscriber on the encryption key of the given subscriber device generates a first one-time ID used to send the message to the subscriber's device,

with this Central device re cryptographic transformation, in which the first one-time ID is subjected to repeated cryptographic transformation on the key with this device of the subscriber, the result of which in the form of the second one-time ID is stored in the Central device and is used when receiving a response from the device of the subscriber,

when the message is received on a corresponding subscriber device from the main device, each device of the subscriber receives messages mode on the initiative of the Central unit, with its encryption key, generates a one-time identifier and verifies its presence in a received message, if found what I his first one-time ID to the subscriber's device makes a decision, the message addressed to him and realizes the answer to the second one-time ID received via cryptographic transformation of his first one-time ID on your encryption key,

the Central device when receiving a search of the second one-time ID in the received message is detected, the second one-time ID Central unit decides that the entry in the connection made and produces a cryptographic transformation of the random identifier that corresponds to the given subscriber device using the encryption key, the result of the conversion is placed in conformance with the subscriber, as it is a random identifier that is stored and used at the next prompt mode on the initiative of this device of the subscriber, the subscriber's device performs similar cryptographic transformation of its random ID on your encryption key and stores it.

The invention is illustrated in the drawings.

Figure 1 shows the structure of a system or communication network illustrating the interaction of the Central communication unit with devices of subscribers.

Figure 2 indicated the initial distribution of cryptographic information (keys and servants of inyh IDs) between devices of a communication system.

Figure 3 shows a functional diagram of the Central unit 1 communication systems.

Figure 4 shows a functional diagram of the device 2 of the subscriber communication system.

Figure 5 shows the interaction between the system devices on the initiative of the device 2 of the subscriber of the communication system, i.e. when sending the first message to the Central communication device 1.

Figure 6 shows the interaction between the system devices on the initiative of the Central unit 1 communication system, i.e. when sending the first message from the Central communication device 1 device 2 subscriber communication system.

Communication system that implements the proposed method includes the Central unit 1 communication made with the possibility of interaction and exchange of messages over communication channels with many devices 2₁-2_nsubscribers of the communication system (Fig 1).

Prior to the operation of the communication system carry out a preliminary distribution of cryptographic information between the devices 2 of the subscribers of the system and the Central unit 1 (figure 2). Each device of the subscriber, in addition to its unique ID in the simplest case i in the communication system, is assigned a random number, called a random ID_i. The subscriber device 2 is your key To a cryptographic algorithm. Device 2 subscribers are only their to obligationsa keys and random IDs, the Central device 1 has the keys To all devices of subscribers and the correspondence between random ID numbers and all devices of subscribers.

The Central device 1, the communication system consists of (3) block 3 sampling and comparing the identifiers of the storage unit 4 IDs (2₁-2_ndevices of subscribers, block 5 key store (K) encryption devices 2 callers, block 6 storing the correspondence between the devices of subscribers and assigned a random identifier (ID)of the connection block 7, block 8 storing one-time ID, block 9 cryptographic transformation unit 10 issuing one-time ID, unit 11 generate synchrophasing.

Under sidhropoulos refers to “the values of open source parameters of the cryptographic transformation (see. GOST 28147-89, 2.172).

Each of the devices 2 subscriber communication system includes (4) unit 12 output synchrophasing, unit 13 storing one-time ID, the block 14 cryptographic transformation, block 15 issuance of one-time ID, the connection block 16, block 17 storage device identifier of the subscriber unit 18 storing a random identifier that corresponds to the given subscriber's device, block 19 comparison of ID, block 20 storage key of this device of the subscriber.

the system for carrying out the proposed method works as follows.

The method implements a process of interaction between devices 2 subscribers of the communication system via the Central unit 1 communication systems.

In each session, ie, for example, when the transmission of the message using the unique identifiers generated using a cryptographic transformation of caller ID and a unique number, called sidhropoulos. In the proposed method, we considered two types of interaction - on the initiative of the subscriber of the system, i.e. when the first message is passed from the respective device 2 of the subscriber to the Central device 1, and on the initiative of the Central device 1, i.e. when the first message is passed from the main device 1 to the appropriate device 2 of the subscriber.

When the interaction of the Central device 1 and device 2 subscribers use disposable IDs, random identifiers are used in the first act of transferring “up” (the communication request to the Central unit 1) when entering the link at the initiative of the device 2 of the subscriber. After issuing a communication request interaction is carried out using one-time identifiers.

When interacting on the initiative of the subscriber the subscriber device 2, for example, 2₂uses random and disposable IDs as follows.

The key is ₂this device 2 is stored in the block 20, and delivered to the subscriber device 2 in accordance random ID₂is stored in the block 18. However, the key To₂and a random ID₂the device of the subscriber is known only to the device 2 of the subscriber and the Central device 1, with ID₂is stored in block 6 of the Central unit 1.

If the device 2₂the subscriber intends to transmit the information (message), for example, stored in its memory (not shown) data, the identifier using a random ID₂from block 18 storing a random ID. In this random ID₂from the output unit 18 is transmitted to one of the inputs of the block 16 communication for transmission over a communication channel with the message to the Central unit 1.

When receiving transmitted from the device 2 subscriber messages to the Central unit 1 is the following sequence of actions.

As shown above, device 1, the communication system includes (3) block 3 sampling and comparing the identifiers of the first input-output of which is designed to receive incoming messages and associated with the first information input-output unit 7 communication, second, third, fourth and fifth inputs and outputs of the block 3 are connected respectively to the first inputs in the passages of the block 4 storage device IDs (2 ₁-2_nsubscribers, block 5 storage of encryption keys, device subscribers, block 6 storing the correspondence between the devices of subscribers and assigned random IDs and block 8 storing one-time ID.

The second input-output unit 5 and 6 are connected respectively with the first and second inputs of the block 9 cryptographic transformation, third and fourth inputs of which are connected to the outputs of block 11 generate synchrophasing and block 8 storage disposable device identifier of the subscriber, respectively. One output unit 9 cryptographic transformation is associated with a second entrance-exit of the specified storage block 6, the output unit 9 through the block 10 report of the current one-time identifier associated with the connection block 7 and to the first input of the storage unit 8 disposable device identifier of the subscriber, the second input is connected to the output unit 4 storage device IDs of subscribers.

Thus, in the Central device 1 has a specified block 6 storage random identifier that corresponds to the device IDs of subscribers. The specified block 6 is a RAM that stores a random IDs of all subscribers and the corresponding numbers of these subscribers (IDs subscribers).

The Central device 1 when receiving the message from the device 2 subscribers performs the following actions (transfer of up).

The Central device 1 having in block 5 the keys of all devices of subscribers and in block 6 all random identifiers are assigned to the devices of subscribers who carries out the identification of the source of the request, the received message, i.e. the identification of the subscriber device from which the message came.

From block 7 communication the message arrives in the unit 3 sampling and comparison, which compares the received random identifier received with the message with all the stored random IDs unit 6. The coincidence of the received random identifier with any stored in block 6 random ID unit 3 determines the number (ID) of the corresponding device of the subscriber.

Further, the interaction is initiated by the Central unit 1.

In accordance with a specific block 3 device ID 2 subscriber Central unit 1 selects from the block 5 corresponding to the subscriber key and sends the block 9 cryptographic transformation for forming disposable current identifier.

For this purpose, the block 11 is formed Singapore received at the corresponding input unit 9 cryptographic transformation. As a cryptographic transformation of, for example, can be used, for example, the OST 28147-89, DES, AES, and so on (see, for example, [7]). It should be noted that in block 11 generate synchrophasing its formation can be effected in the simplest case, using a random number, and the number of the time interval in which you want the message with the generated one-time ID. I.e. in the simplest version can be used the random number generator used as sidhropoulos random numbers distributed between devices of subscribers via communication channels in unprotected form, i.e. as synchrophasing (see GOST 28147-89, p.17).

Through cryptographic transformation in block 9 of the device ID of the subscriber received from unit 4 through the block 8, and synchrophasing received from block 11 on the key device of the subscriber from the block 5 produced the first one-time ID. This identifier is passed to block 10 of issuing one-time identifiers associated with unit 7 communication used to transmit messages in the channel down key.

The message in the form of a confirmation request is transmitted to the subscriber device 2 formed with the first one-time ID.

In addition, the received one-time ID is exposed at the Central device 1 re-cryptographic transformation in block 9.

When the re-conversion unit 9 uses the key of the same device of the subscriber unit 5 and Singapore, the previously generated or received at the time of the conversion unit 11. The result of re-conversion is sent to the storage unit 8 one-time ID.

Next message with the first one-time ID is passed from the Central unit 1 in the communication network. Device 2 subscribers when messages are similar to the Central device 1.

When the message is received, each device 2 starts the block 14 cryptographic transformation associated with the communication unit 16. Their key stored in the block 20, and synchrobelt produced by the block 12, block 14 generates their disposable IDs and throws them through the block 13 in block 19 comparison for comparison with the identifier received from the network communication message.

In case of detection of his first one-time ID block 19 comparison decides that the message addressed to him. This formed the first one-time ID is stored in the block 13. Followed by the formation of the second one-time ID used for transmitting the next message.

To do this, using synchrophasing formed in the block 12, and a key device of the subscriber stored in the block 20, block 14 cryptographic transformation carry out the conversion of the first disposable Eden is idicator, stored in the block 13. Developed unit 14 of the second one-time ID is forwarded to the block 15 and is used in the following response in the communication channel.

The Central device 1 searches for all received messages of the second one-time ID stored in the storage unit 8 one-time ID. Unit 3 compares the IDs of all received packets with the value from the block 8.

Upon detection of the second one-time ID to the Central unit 1 considers the act of engagement with a corresponding subscriber device 2 held and carried out in block 9 cryptographic transformation of the random identifier device 2 of the subscriber stored in the unit 6, using the key of this device of the subscriber. The result of the conversion is assigned a new random ID that corresponds to the given subscriber device 2, is stored in block 6 as a new and used following the initiative of the output device 2 of the subscriber. In the device 2 of the subscriber when sending messages from the Central unit 1 is similar to the conversion unit 14 cryptographic transformation of the random ID of the unit 18 storing a random ID on your key from the block 20. The result of the conversion is output is stored in the block 18 as a new random ID and the device uses 2 of the subscriber at the next initiative to get in touch.,

Thus, for issuing a request to the communication device 2 of the subscriber used a random ID, known only to him and to the Central unit 1. After confirming the identification of the source of the request, the Central device 1 and device 2 subscribers carry out synchronous cryptographic transformation using a random ID on the key, known only to them. The conversion result is stored in the block 6 at the Central device, and in block 18 on the corresponding device of the subscriber as a new random identifier and is used when following the initiative of the output device of the subscriber connection.

After identifying the source of inquiry used disposable IDs. For this purpose in the Central device 1 of the first formed one-time ID is used to transmit packets of information devices to subscribers in the channel “down”, the second when it receives a response from the subscriber device in the channel “up”.

When this device subscribers when receiving packets of information from the Central unit 1 form their first one-time ID, and check availability in received from the Central unit 1 packet of information.

The Central device, as described above, searches all at atih the packet information of the second one-time ID, stored in the block 8.

If you need further information exchange Central unit 1 generates a new one-time IDs and communicates with the corresponding device 2 of the subscriber.

To avoid possible collisions due to random coincidences or disposable identifiers of different devices subscribers may optionally be carried out authentication of received packets of information, for example, by rendering Kievstar or hash values.

Interaction on the initiative of the Central unit 1 is similar, without prompting device 2 of the subscriber using his random ID. I.e. the Central device 1 transmits a message with the formation and issuance of one-time identifier of the device of the subscriber to whom the message is addressed. The message is accepted by all devices 2₁-2_nsubscribers. When the reception device 2 subscribers form and check for the presence of a received message to its one-time ID. Why when a message arrives from the block 16 communication unit 19 compare the received identifier with the generated block 14 one-time ID. Upon discovery of his first one-time ID to the subscriber's device for implementation through the response to the second formed a single identifier, as mentioned above, the search for which in received messages by a Central device 1.

Thus, the proposed method allows to maintain the confidentiality of object identifiers communication systems (sent messages), built on the principle of the star, i.e. in the interaction device 2 subscribers in the communication network through a Central device 1.

When this protection is provided by cryptographic transformation of identities on the keys, known only to the communicating device of the subscriber and the Central device using each communication session disposable (various) identification.

Way messaging with privacy identification features of objects in the system due to the interaction of devices of subscribers of the communication system through a Central device, which consists in the fact that for each communication session, perform the cryptographic transformation of the device ID of the subscriber using the encryption key of the given subscriber device, wherein the implement two modes of message transmission on the initiative of the subscriber device to the Central device or on the initiative of the Central device to device of the subscriber, each subscriber's device and the Central device storing case the first identifier and the encryption key, set in correspondence to each device of the subscriber and known only to the Central device and the corresponding device subscribers, in transmission mode at the initiative of the subscriber realize transmission of messages with a random identifier of the subscriber device to the Central device of the communication system, when a message is received by the Central unit carries out the identification device of the subscriber who sent the message, by comparing the identifier of the received message with the stored random IDs of all devices of subscribers, when appropriate random identifier in the message Central unit identifies a subscriber's device, selects the corresponding encryption key and performs the next transmission mode on the initiative of the Central unit, which produces synchrophasing and forms the first one-time ID by the cryptographic conversion device ID of the subscriber using the encryption key and synchrophasing, while the Central device re cryptographic transformation of the first one-time ID using the key of this device of the subscriber, the result of which in the form of the second one-time ID, remember in the Central the complete device, when the message is received on a corresponding subscriber device from the main device, each device of the subscriber receives messages mode on the initiative of the Central unit, this produces synchrophasing and using its encryption key and synchrophasing forms its first one-time ID and verifies its presence in a received message, in case of detection of his first one-time ID to the subscriber's device decides that the message was addressed to him, forms the second one-time ID by means of a cryptographic transformation of his first one-time ID by using its encryption key and performs the response using the second one-time ID, the Central device when receiving a response searches for the second one-time ID all received messages upon detection of the second one-time ID Central unit decides that the act of engagement with the corresponding subscriber's device took place and generates a new random identifier of the subscriber device via a cryptographic transformation of the random identifier that corresponds to the given subscriber's device, using its key is imovane, the Central unit memorizes a new random ID for use when the next message transmission mode on the initiative of this device, subscriber device of the subscriber performs a similar cryptographic transformation of its random ID on your encryption key and also remembers a new random ID.