Method for complex protection of distributed information processing in computer systems and system for realization of said method

FIELD: computer science.

SUBSTANCE: the system has a center of certification, formation and distribution of keys, at least one user device and at least one server of distributed data processing. The method describes the operation of this system. The subsystem for forming public keys contains a memory block for the tables of secret permutations of columns and rows of the secret key tables, a memory block for the table of the symmetric permutation of columns and rows of the external key table, a register of the sequence of transitive relationships between rows of the secret permutation tables, a block of logical inference on the sequence of transitive dependencies, a memory block for the table of the relative non-secret permutation of columns and rows of the external key table, a public key register, an input switching block and a control block.

EFFECT: higher efficiency, broader functional capabilities.

5 cl, 15 dwg


The technical field

The invention relates to the field of computing, information systems and means of protection from unauthorized access.

Prior art

For the effective functioning of information systems built on modern computer technology that process and transmit confidential data (such as e-mail, modern payment systems, search engines), the process of distributed processing must be reliably protected. Currently, the most protected form of distributed processing is e-mail. Methods of secure e-mail are known (see international applications WO/0049766 of 24.08.2000; WO/9817042 of 23.04.1998; WO/0001108 of 06.01.2000). The known protection methods provide confidentiality of information transmission, digital signature, and identification and authentication of the sender and recipient of the information. In the method according to application WO/0001108, an attempt is made to protect the confidentiality of the address part of the message by introducing anonymous or pseudo-anonymous user identifiers. They include the name, address and financial account information and are introduced with the help of an intermediary. This provides certified, authentic and anonymous user identifiers. But this system is not sufficiently reliable because, first, it is not cryptographically strong, and second, there are segments of the transmission between the user and the intermediary where the true identifier is transmitted in the clear and may be intercepted by an attacker, compromising the whole system of anonymous identification.

The main drawback of these methods is that the network servers process the address part of the message in the clear, using non-secure e-mail programs, i.e. in the form of plain command codes and data. This makes both the processed address information and the e-mail programs vulnerable to informational influences. The result may be infection by virus programs, distortion of their algorithm of operation or of the message address, as well as unauthorized substitution (or change) of the message address.

The problem of protecting the processing of information also exists in other distributed information processing systems, for example electronic payment systems, access to remote databases to fetch messages at the user's request, and information retrieval systems, where arithmetic computation and information processing are performed in the clear. Therefore, one of the most pressing security challenges of such systems is protection against unauthorized access and other informational influences (viruses, software bookmarks) on the processing of messages and programs running in the computers (user devices and network servers).

A known method of comprehensive protection of information processing in computers from unauthorized access, software bookmarks and viruses (see RF patent № 2137185 of 09.01.98) provides the possibility of processing programs and data in the computer in stochastically coded form, protected by changing codes of commands, data and algorithm during the operation of the programs. The known method implements two levels of protection: a logical one, based on stochastic transformation of the algorithm (control structure) of the programs, and a physical one, implemented through stochastic coding of machine instructions. As a result of such conversion, bookmarks and viruses cannot find an entry point in the program through which to act on it. The method also allows numerical information to be processed in a secure manner in the course of performing arithmetic calculations. However, this method does not provide comprehensive protection of the entire circuit of distributed information processing, including the transfer functions via communication channels. This is because, when the method is implemented using the existing cryptographic protection of the data transmission interfaces that connect secure communication lines to the computer, the information is interpreted, after which, before stochastic coding, processing takes place in the clear. This "window" breaks the closed circuit of protection of distributed data processing and is a possible source of leakage through unauthorized access, including through electromagnetic emanations.

Disclosure of inventions

The object of the invention is a method and a system of comprehensive protection of distributed data processing that form a through (closed) protection circuit for distributed data processing, provide integrated protection of the process of distributed information processing from unauthorized access, and increase the speed of transmission of coded messages.

This technical result is achieved in that, in the method of comprehensive protection of distributed information processing in computer systems, on each user device and each server of distributed data processing access to the computer system is gained and a system of internal and external keys is formed from the tables of secret keys obtained from the center of certification, formation and distribution of keys; on the basis of the tables of secret keys, secret internal one-time keys for symmetric encryption are generated in the user device and in the server of distributed processing, by processing these tables, for the transmission, storage and processing of information in encrypted form within the environment of the user device and of the server; the information introduced into and passed within the environment of the user device and of the server of distributed processing that is to be processed, including information in the database, Web pages and the tables of the e-mail server of distributed processing, is encrypted by stochastic coding using the obtained secret internal symmetric one-time keys; the user device sends to the center of certification, formation and distribution of keys a request to establish a connection with a pre-selected server of distributed data processing to perform the processing functions; public keys for the modification of the tables of secret keys are obtained from the center of certification, formation and distribution of keys, or formed in the user device and in the server of distributed processing, for the stochastic coding of the information transmitted from the user device to the said server, for processing the information in the converted form and for returning the result of the distributed processing from the said server to the user device; on the basis of the received public key and the tables of secret keys, secret external one-time keys for the symmetric encryption mode are generated in the user device and in the server of distributed processing, and the tables of secret keys are modified during the transmission and 
processing of information in encrypted form; the transmitted information is encrypted by stochastic coding in the user device using the received secret symmetric external one-time keys; the information encrypted by stochastic coding is transmitted to the server of distributed processing; the received information, stochastically coded with the secret external symmetric key, is processed in encrypted form after additional encryption with the secret internal one-time symmetric key, in accordance with the type of processing determined by the format of the data; the encrypted information resulting from the processing in the server of distributed processing is stochastically coded using the secret symmetric external one-time keys; the stochastically coded encrypted information is transmitted to the user device; the user device receives the stochastically coded encrypted information and decodes it for delivery to the user in plain text.

Here, access to the computer system and the formation of the system of internal and external keys are carried out by the user entering, from a data carrier inserted into the user device, a PIN code, a password, a hash function of the password, the table of the primary key and the secret permutations of columns and rows, in order to obtain the table of the secret base key and the table of the secret foreign key.

The system of keys is preferably formed as a set of tables of the secret base key and the secret foreign key, generated by secret permutations of the columns and rows of the table of the primary key, which is obtained from the center of certification, formation and distribution of keys.

In addition, the tables of secret internal one-time keys, used for transmitting information separately within the environment of the user device and of the server of distributed processing and for encrypting data, including database tables, Web pages and the tables of the e-mail server, are produced by permutations of the columns and rows of the table of the base key using the secret permutations.

The public keys, in the form of tables of relative permutations, are formed in the center of certification, formation and distribution of keys, in the user device and in the server of distributed processing by inference over the set of tables of secret permutations, using transitive dependencies between the positions of their rows, separately for the user device and for the server of distributed processing, in order to bring their tables of the foreign key into a symmetric state and to modify the tables of secret keys. The conversion of the tables of the secret foreign key of the user device and of the server of distributed processing into a symmetric state, and the modification of the tables of secret keys for the distributed processing of encrypted data, are carried out by applying the permutations and substitutions of columns and rows of the tables of secret keys of the user device and of the server of distributed processing using the public key.

Here, the generation of one-time keys is preferably carried out by stochastically changing random elements of the table of the symmetric external or internal key for each transmitted block of information encrypted by stochastic coding.

In addition, in the course of encryption and transmission of encrypted data, a periodic modification of the table of the symmetric foreign key is produced in the user device and in the server of distributed processing using a public key generated and transmitted to the user device and to the server of distributed processing.
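The key-table mechanics described in the preceding paragraphs (secret row/column permutations of the CA's primary key table, a relative permutation published as the public key to bring two parties' foreign key tables into a symmetric state, and per-block one-time keys formed by changing random elements of the table) can be modelled in a few functions. The following Python is an added illustration written for this page, not code from the patent or its holder; the table size `N`, the seeds, the rule that the relative permutation is the composition `ur^-1 o sr`, and the derivation of one-time keys from the table contents and a block counter are all this example's own assumptions.

```python
import random

N = 8  # constructed table size; the patent fixes no dimension


def primary_key_table(seed):
    """Table of the primary key as issued by the CA: N x N bytes (constructed sample)."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(N)] for _ in range(N)]


def secret_permutations(seed):
    """Secret row and column permutations written to a user's (or server's) data carrier."""
    rng = random.Random(seed)
    rows, cols = list(range(N)), list(range(N))
    rng.shuffle(rows)
    rng.shuffle(cols)
    return rows, cols


def permute_table(table, rows, cols):
    """Apply a row and column permutation: result[i][j] = table[rows[i]][cols[j]]."""
    return [[table[rows[i]][cols[j]] for j in range(N)] for i in range(N)]


def inverse(p):
    inv = [0] * N
    for i, v in enumerate(p):
        inv[v] = i
    return inv


def compose(p, q):
    """(p o q)[i] = p[q[i]]."""
    return [p[q[i]] for i in range(N)]


def relative_permutation(user_perm, server_perm):
    """Public key as modelled here: the relative (non-secret) permutation that carries the
    user's foreign key table onto the server's, i.e. brings both into a symmetric state.
    Only the CA, which holds both secret permutations, can form it."""
    ur, uc = user_perm
    sr, sc = server_perm
    # permute_table(K_u, R_r, R_c)[i][j] = T[ur[R_r[i]]][uc[R_c[j]]] must equal T[sr[i]][sc[j]],
    # so R_r = ur^-1 o sr and R_c = uc^-1 o sc.
    return compose(inverse(ur), sr), compose(inverse(uc), sc)


def one_time_key(key_table, block_index, changes=2):
    """Per-block one-time key: replace a few randomly chosen elements of the symmetric
    table, the choice being seeded from the table itself and the block counter so both
    sides derive the same key without transmitting it (constructed rule)."""
    seed = bytes(sum(key_table, [])) + block_index.to_bytes(4, "big")
    rng = random.Random(seed)
    t = [row[:] for row in key_table]
    for pos in rng.sample(range(N * N), changes):
        i, j = divmod(pos, N)
        t[i][j] = (t[i][j] + 1 + rng.randrange(255)) % 256  # always a different value
    return t


if __name__ == "__main__":
    T = primary_key_table("ca-primary-key")          # from the CA
    user = secret_permutations("user-carrier")        # on the user's data carrier
    server = secret_permutations("server-carrier")    # on the server's data carrier
    K_user = permute_table(T, *user)
    K_server = permute_table(T, *server)
    R = relative_permutation(user, server)            # published as the public key
    print("symmetric:", permute_table(K_user, *R) == K_server)
    print("block 0 key differs from base:", one_time_key(K_user, 0) != K_user)
```

The relative permutation carries no table contents, only the relation between two secret permutations, which is why it can be published; whether that relation is harmless depends on the primary table staying secret, so in this model the table itself is never placed on the public channel.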

In addition, the processing of encrypted data by executing predetermined programs in protected, stochastically transformed form is produced in an information-logical protected computing device with the use of a protected arithmetic processor, whose interface is matched on the information bus to the table of the secret internal key and on the control bus to the commands transmitted from the information-logical protected computing device; before or after the stochastic transformation of each newly introduced program, anti-virus protection is implemented in the information-logical protected computing system, based on the detection, by logical inference over the set of command codes of the program, of viral functions in the form of chains of logically related command codes, and on the destruction of the detected viral functions to ensure the integrity of the converted program.

When the type of processing determined from the format of the received information is arithmetic calculation, the encrypted operands and the codes of the arithmetic computations are extracted from the received data format and transmitted to the protected arithmetic processor, which carries out the required computations in encrypted form. When the type of processing is determined as the search and selection of the required information from the encrypted database tables according to the conditions of the request, the encrypted data are produced which, after additional encryption, are compared in order to select the data fields of the encrypted tables required for the sample; the check of the data selected from the encrypted tables against the required encrypted numeric parameters, or the procedures of arithmetic calculation with the selected fields in encrypted form, are performed in the protected arithmetic processor.

In addition, when the type of processing is determined as the search and retrieval of encrypted Web pages, the encrypted keyword of the encrypted request is additionally encrypted and the presence of the same keyword in each of the encrypted Web pages of the server of distributed processing is determined by comparison; when the type of processing is determined as the transmission of e-mail, the received encrypted message is additionally encrypted, the encrypted address of the recipient is compared with the mail addresses of the servers of the system, and the server that contains the mailbox of the recipient is selected and the encrypted information is transmitted to it.
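The two search cases above (keyword lookup in protected Web pages and routing by a protected recipient address) both rest on re-encoding the externally coded request into the server's internal coding and then comparing coded values directly, so the server never holds the plaintext. The Python below is an added illustration for this page, not code from the patent; it stands in for the stochastic coding with a deterministic byte-wise substitution table per key, and the `transcoding_table` that maps external coding straight to internal coding, the sample addresses and page texts, and the key seeds are all constructed here.

```python
import random


def substitution_table(seed):
    """Byte substitution table standing in for one internal or external key table (constructed)."""
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return table


def code(data, table):
    """Deterministic byte-wise coding under a key table (stand-in for stochastic coding)."""
    return bytes(table[b] for b in data)


def transcoding_table(src, dst):
    """Table that maps a byte coded under `src` straight to its coding under `dst`, so the
    re-encoding device never materialises the plaintext byte."""
    inv = [0] * 256
    for plain, coded in enumerate(src):
        inv[coded] = plain
    return [dst[inv[c]] for c in range(256)]


def route_mail(coded_recipient_ext, mailbox_table, to_internal):
    """E-mail case: re-encode the recipient address from the external to the internal key
    and look it up in the protected table of addresses; returns the server name or None."""
    coded_internal = code(coded_recipient_ext, to_internal)
    return mailbox_table.get(coded_internal)


def search_pages(coded_keyword_ext, coded_pages, to_internal):
    """Web-page case: re-encode the keyword and test each protected page for it by
    comparison; byte-wise coding preserves substrings, so a plain containment test works."""
    needle = code(coded_keyword_ext, to_internal)
    return [idx for idx, page in enumerate(coded_pages) if needle in page]


# Constructed sample data ------------------------------------------------------
INTERNAL = substitution_table("server-internal-key")
EXTERNAL = substitution_table("session-external-key")
TO_INTERNAL = transcoding_table(EXTERNAL, INTERNAL)

MAILBOXES = {  # protected table of e-mail addresses, stored coded under the internal key
    code(b"alice@example.org", INTERNAL): "mail-server-1",
    code(b"bob@example.org", INTERNAL): "mail-server-2",
}
PAGES = [  # protected array of Web pages, stored coded under the internal key
    code(b"stochastic coding of database tables", INTERNAL),
    code(b"quarterly report on mail volume", INTERNAL),
    code(b"coding rules for protected tables", INTERNAL),
]

if __name__ == "__main__":
    request = code(b"alice@example.org", EXTERNAL)   # what the user device sends
    print(route_mail(request, MAILBOXES, TO_INTERNAL))           # mail-server-1
    print(search_pages(code(b"tables", EXTERNAL), PAGES, TO_INTERNAL))  # [0, 2]
```

Equality comparison on coded values only works because the coding is deterministic for a given key; that same property means the server can see which stored entries match a request, which is the trade-off the page's per-block one-time keys are meant to limit on the transmission path.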

In addition, a hash function of the transmitted information is formed, the digital signature of the sender is received and transmitted with the information, and the sender is authenticated and the integrity of the received information is verified. The hash function of the transmitted information, in the form of a random combination of a given length, is formed by the addition of the stochastically coded blocks in the protected arithmetic processor of the user device and of the server of distributed processing. The digital signature is produced by generating the secret private key of the sender in the form of a random permutation of the rows of the table of the secret foreign key and computing the public key, which is transmitted to the center of certification, formation and distribution of keys to register the private key. The authentication of the sender and the integrity of the received information are verified using the hash function and the digital signature: the secret private key is used to encrypt the hash function of the transmitted information, and the public key is used to decrypt the received value of the hash function for comparison with the value generated in the server of distributed processing.
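The hash construction above, the addition of stochastically coded blocks, is worth seeing next to the plain block sum it improves on. The Python below is an added illustration for this page, not code from the patent: it models the "addition" as XOR of fixed-length blocks and the stochastic coding of each block as a substitution table that depends on the block's position (a stand-in for the per-block one-time key); the block length, key seed and sample messages are constructed. The signature step is not modelled, since the page does not specify it beyond the use of a row permutation as the private key.

```python
import random

BLOCK = 8  # constructed block length


def split_blocks(message):
    padded = message + b"\x00" * (-len(message) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def plain_block_sum(message):
    """XOR-sum of the raw blocks. Addition is commutative, so this value cannot tell
    two messages apart that differ only in block order."""
    h = bytes(BLOCK)
    for block in split_blocks(message):
        h = xor_bytes(h, block)
    return h


def position_table(key_seed, index):
    """One-time substitution for block `index` (model of the per-block one-time key)."""
    table = list(range(256))
    random.Random(f"{key_seed}:{index}").shuffle(table)
    return table


def coded_block_sum(message, key_seed):
    """Hash as modelled here: XOR-sum of the blocks after each is coded with its own
    position-dependent one-time table, so block order now affects the result."""
    h = bytes(BLOCK)
    for index, block in enumerate(split_blocks(message)):
        table = position_table(key_seed, index)
        h = xor_bytes(h, bytes(table[b] for b in block))
    return h


def integrity_ok(message, key_seed, received_hash):
    """Receiver side: recompute over the received message and compare."""
    return coded_block_sum(message, key_seed) == received_hash


if __name__ == "__main__":
    m1 = b"ABCDEFGH" + b"12345678"
    m2 = b"12345678" + b"ABCDEFGH"      # same blocks, swapped
    print(plain_block_sum(m1) == plain_block_sum(m2))            # True: order lost
    print(coded_block_sum(m1, "k") == coded_block_sum(m2, "k"))  # False: order kept
```

The point of the comparison is that a bare sum of blocks is position-blind, so the coding applied before summation must itself depend on the block's position for the hash to reflect the message structure; in the page's design that dependence comes from the one-time keys that change per transmitted block.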

This technical result is also achieved in that the system of comprehensive protection of distributed data processing in computer systems contains a center of certification, formation and distribution of keys, at least one user device and at least one server of distributed data processing. The center of certification, formation and distribution of keys contains a subsystem of user certification, a subsystem of formation of tables of secret keys, an information-logical protected computing system, a subsystem of formation of data carriers for certified users, a subsystem of formation of public keys, a subsystem of authentication and integrity of information, a protected arithmetic processor, a subsystem of key distribution and a control unit of protected processing. Each user device contains a subsystem of formation of tables of secret keys, an internal stochastic decoder, an internal stochastic encoder, a subsystem of secure access, a protected arithmetic processor, an information-logical protected computing system, a control unit of protected processing and a transceiver block of stochastic transformation. The server of distributed data processing contains a subsystem of formation of tables of secret keys, a transceiver block of stochastic transformation, an internal device of stochastic re-encoding, a control unit of protected processing, a subsystem of secure access, a protected arithmetic processor, an information-logical protected computing system and a protected database. In the center of certification, formation and distribution of keys the information-logical protected computing system is connected to the subsystem of user certification, to the subsystem of formation of tables of secret keys (which is connected to the subsystem of user certification), to the protected arithmetic processor, to the subsystem of formation of public keys, to the subsystem of formation of data carriers for certified users and to the subsystem of key distribution, to which the control unit of protected processing is connected, the latter being coupled with the subsystem of authentication and integrity of information. In the user device 
the information-logical protected computing system is connected to the protected arithmetic processor, the internal stochastic encoder, the internal stochastic decoder and the transceiver block of stochastic transformation; the subsystem of secure access is connected to the control unit of protected processing, which is connected to the internal stochastic encoder, the internal stochastic decoder, the transceiver block of stochastic transformation, the subsystem of formation of tables of secret keys and the information-logical protected computing system. In the server of distributed data processing the information-logical protected computing system is connected to the protected arithmetic processor, the protected database, the internal device of stochastic re-encoding and the control unit of protected processing, with which the transceiver block of stochastic transformation, the internal device of stochastic encoding/decoding, the subsystem of formation of tables of secret keys and the subsystem of secure access are interconnected. The subsystem of key distribution of the center of certification, formation and distribution of keys is connected respectively to the subsystems of formation of tables of secret keys of the user device and of the server of distributed data processing.

Here, the subsystem of secure access of the user device contains a subsystem of information input from the data carrier, connected to the subsystem of authentication and integrity of information, which is connected to the control unit of protected processing of the user device.

The transceiver block of stochastic transformation of the user device includes first and second devices of stochastic re-encoding; the first device of stochastic re-encoding is included in the path of data transmission from the server of distributed processing to the information-logical protected computing system of the user device, and the second device of stochastic re-encoding is included in the path of data reception from the information-logical protected computing system of the user device to the server of distributed processing.

In addition, the transceiver block of stochastic transformation of the server of distributed processing includes first and second devices of stochastic re-encoding; the first device of stochastic re-encoding is included in the path of data transmission from the control unit of protected processing of the server of distributed processing to the transceiver block of stochastic transformation of the user device, and the second device of stochastic re-encoding is included in the path of data reception from the transceiver block of stochastic transformation of the user device.

In addition, the subsystem of secure access of the server of distributed processing contains a subsystem of information input from the data carrier, connected to the subsystem of authentication and integrity of information, which is connected to the control unit of protected processing of the server of distributed processing.

The protected database of the server of distributed processing includes a protected table of e-mail addresses, a protected array of Web pages and protected data tables.

In addition, this technical result is achieved in that the subsystem of formation of public keys for the system of comprehensive protection of distributed data processing in computer systems includes a memory block for the tables of secret permutations of columns and rows of the tables of secret keys, a memory block for the table of the symmetric permutation of rows and columns of the foreign key table, a register of the sequence of transitive relationships between rows of the tables of secret permutations, a block of logical inference on the sequence of transitive dependencies, a memory block for the table of the relative non-secret permutation of columns and rows of the foreign key table, a register of the public key, an input switching unit whose input is the data input of the subsystem, an output switching unit whose output is the public key output of the subsystem, and a control unit. The outputs of the control unit are connected respectively to the inputs of the memory block for the tables of secret permutations of columns and rows of the tables of secret keys, the memory block for the table of the symmetric permutation of rows and columns of the foreign key table, the register of the sequence of transitive relationships between rows of the tables of secret permutations, the register of the public key, the input and output switching units and the block of logical inference on the sequence of transitive dependencies. The second and third inputs of the block of logical inference are connected respectively to the outputs of the memory block for the table of the symmetric permutation of rows and columns of the foreign key table and of the register of the sequence of transitive relationships between rows of the tables of secret permutations, and its output to the input of the memory block for the table of the relative non-secret permutation of rows and columns of the foreign key table, whose output is connected to the input of the register of the public key, whose output is connected to the input of the output switching unit; another 
input of the output switching unit is connected to the outputs of the memory block for the tables of secret permutations of columns and rows of the tables of secret keys, whose input is connected to an output of the input switching unit, and the second outputs of the input and output switching units are connected to the input of the control unit.

This technical result is achieved in that the stochastic encoder for the system of comprehensive protection of distributed data processing includes an input permutation register, whose input is the input of the data to be encoded; a block of column registers of the multi-level encoder, whose first inputs are connected to the output of the input permutation register; a column connection circuit, whose outputs are connected to the second inputs of the registers of the block of column registers of the multi-level encoder; a cyclic permutation register, whose outputs are connected to the corresponding inputs of the column connection circuit; a block of key-inverters, whose outputs are connected to the respective inputs of the cyclic permutation register; a recurrent register, whose outputs are connected to the corresponding inputs of the block of key-inverters; a gamma-forming circuit; an adder modulo 2, whose inputs are connected respectively to the outputs of the block of column registers of the multi-level encoder and of the gamma-forming circuit, and whose output is connected to the input of the output register of the code block, whose output is the encoded data output of the stochastic encoder; and a control unit, whose outputs are connected respectively to the inputs of the input permutation register, the block of column registers of the multi-level encoder, the column connection circuit, the cyclic permutation register, the block of key-inverters, the recurrent register, the gamma-forming circuit, the adder modulo 2 and the output register of the code block. The control unit is connected to an additional output of the recurrent register and has an additional input and output for connection to the other control units of the system of comprehensive protection of distributed data processing.

The gamma-forming circuit contains a block of registers of the columns of the gamma-forming table; a column connection circuit, whose outputs are connected to the inputs of the block of registers of the columns of the gamma-forming table; a cyclic permutation register, whose outputs are connected to the corresponding inputs of the column connection circuit; a block of key-inverters, whose outputs are connected to the respective inputs of the cyclic permutation register; a recurrent register, whose output is connected to the corresponding inputs of the block of key-inverters; a register of the initial gamma; an adder modulo 2; a key whose input is connected to the output of the block of registers of the columns of the gamma-forming table and whose first and second outputs are connected respectively to the input of the adder modulo 2 of the gamma-forming circuit and to the input of the adder modulo 2 of the stochastic encoder; and a control unit, whose outputs are connected respectively to the inputs of the recurrent register, the block of key-inverters, the cyclic permutation register, the column connection circuit, the block of registers of the columns of the gamma-forming table, the key, the adder modulo 2 of the gamma-forming circuit and the register of the initial gamma, whose output is connected to the input of the control unit of the gamma-forming circuit; the second input of this control unit is connected to the additional output of the recurrent register, and its third input to the corresponding output of the control unit of the stochastic encoder.
In addition, this technical result is achieved in that the device of stochastic re-encoding for the system of comprehensive protection of distributed data processing contains an input register of the code block; a first stage of stochastic transformation, whose input is connected to the output of the input register of the code block; a first permutation register, whose first and second inputs are connected respectively to the first and second outputs of the first stage of stochastic transformation; a second permutation register, whose first inputs are connected respectively to the outputs of the first permutation register; a second stage of stochastic transformation, whose input is connected to the output of the second permutation register and whose first output is connected to the second input of the second permutation register; and an output register of the code block, whose input is connected to the second output of the second stage of stochastic transformation. Each of these stages of stochastic transformation contains a block of column registers of the multi-level encoder, whose first input is the input of the respective stage; a column connection circuit, whose outputs are connected to the second inputs of the registers of the block of column registers of the multi-level encoder; a cyclic permutation register, whose outputs are connected to the corresponding inputs of the column connection circuit; a block of key-inverters, whose outputs are connected to the respective inputs of the cyclic permutation register; a recurrent register, whose outputs are connected to the corresponding inputs of the block of key-inverters; a gamma-forming circuit; an adder modulo 2, whose first input is connected through a key to the output of the block of column registers of the multi-level encoder and whose second input is connected to the output of the gamma-forming circuit, the second output of the key being the second output of the respective stage; and a control unit, whose first output is the first output of 
the respective stage and whose remaining outputs are connected respectively to the inputs of the block of column registers of the multi-level encoder, the column connection circuit, the cyclic permutation register, the block of key-inverters, the recurrent register (an additional output of which is connected to the respective input of the control unit), the gamma-forming circuit, the adder modulo 2 and the key; the control unit has an additional input and output for connection to the other control units of the system of comprehensive protection of distributed data processing.
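The encoder structure described above (input permutation register, column registers of the multi-level encoder selected through a cyclic permutation register, a recurrent register feeding gamma formation, and modulo-2 addition of the gamma) can be exercised as a software model to see how a block is coded and why the same plaintext block does not repeat on the wire. The Python below is an added illustration written for this page, not code from the patent: the 16-bit LFSR standing in for the recurrent register, the use of one substitution table per column register, the rule that the cyclic register advances one step per block, the block length and the key seeds are all this example's own assumptions, and the key-inverters and control-unit wiring are collapsed into the seeded setup.

```python
import random

BLOCK = 8  # bytes per code block (constructed)


def invert(table):
    inv = [0] * 256
    for plain, coded in enumerate(table):
        inv[coded] = plain
    return inv


class RecurrentRegister:
    """16-bit Fibonacci LFSR (taps 16, 14, 13, 11) standing in for the recurrent
    register that drives gamma formation (constructed stand-in)."""

    def __init__(self, state):
        self.state = state & 0xFFFF or 1  # an all-zero state would never advance

    def step(self):
        bit = (self.state ^ (self.state >> 2) ^ (self.state >> 3) ^ (self.state >> 5)) & 1
        self.state = (self.state >> 1) | (bit << 15)
        return bit

    def next_byte(self):
        return sum(self.step() << i for i in range(8))


class StochasticCoder:
    """Model of one encoder/decoder: input permutation register, column registers of the
    multi-level encoder, cyclic permutation register selecting the column table, and
    modulo-2 addition of the gamma. A peer built from the same key seed decodes."""

    def __init__(self, key_seed):
        rng = random.Random(key_seed)
        self.position_perm = list(range(BLOCK))       # input permutation register
        rng.shuffle(self.position_perm)
        self.columns = []                              # one table per column register
        for _ in range(BLOCK):
            table = list(range(256))
            rng.shuffle(table)
            self.columns.append(table)
        self.inv_columns = [invert(t) for t in self.columns]
        self.cyclic = list(range(BLOCK))              # cyclic permutation register
        rng.shuffle(self.cyclic)
        self.recurrent = RecurrentRegister(rng.randrange(1, 1 << 16))
        self.counter = 0                               # blocks processed so far

    def _column_for(self, position):
        # The cyclic register rotates one step per block, so the same input byte is
        # coded through a different column table from block to block.
        return self.cyclic[(position + self.counter) % BLOCK]

    def _gamma(self):
        return [self.recurrent.next_byte() for _ in range(BLOCK)]

    def encode(self, block):
        assert len(block) == BLOCK
        permuted = [block[self.position_perm[i]] for i in range(BLOCK)]
        coded = [self.columns[self._column_for(i)][permuted[i]] for i in range(BLOCK)]
        out = bytes(c ^ g for c, g in zip(coded, self._gamma()))
        self.counter += 1
        return out

    def decode(self, coded_block):
        assert len(coded_block) == BLOCK
        coded = [c ^ g for c, g in zip(coded_block, self._gamma())]
        permuted = [self.inv_columns[self._column_for(i)][coded[i]] for i in range(BLOCK)]
        block = bytearray(BLOCK)
        for i in range(BLOCK):
            block[self.position_perm[i]] = permuted[i]
        self.counter += 1
        return bytes(block)


def roundtrip(blocks, key_seed):
    """Encode every block on a sender instance and decode on a receiver instance."""
    sender, receiver = StochasticCoder(key_seed), StochasticCoder(key_seed)
    coded = [sender.encode(b) for b in blocks]
    return coded, [receiver.decode(c) for c in coded]


if __name__ == "__main__":
    blocks = [b"record01", b"record02", b"record01"]
    coded, decoded = roundtrip(blocks, "shared-key-table")
    print("decoded correctly:", decoded == blocks)
    print("repeated block coded differently:", coded[0] != coded[2])
```

Both ends must process blocks in the same order, since the cyclic register position and the recurrent register state advance per block; a lost or reordered block desynchronises the pair, which is the synchronisation requirement any keystream-style scheme carries.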

Brief description of drawings

The invention is illustrated by examples of its implementation shown in the drawings, which present the following:

figure 1 - generalized block diagram of the system of comprehensive protection of distributed data processing in computer systems;

figure 2 - block diagram of the center of certification, formation and distribution of keys;

figure 3 - block diagram of the user device;

figure 4 - block diagram of the server of distributed data processing;

figure 5 - block diagram of the subsystem of formation of tables of secret keys used in the center of certification, formation and distribution of keys;

figure 6 - block diagram of the subsystem of formation of tables of secret keys used in the user device and in the server of distributed processing of information;

figure 7 - block diagram of the subsystem of formation of public keys used in the center of certification, formation and distribution of keys;

figure 8 - block diagram of the subsystem of authentication and integrity of information used in the center of certification, formation and distribution of keys, in the user devices and in the servers of distributed processing;

figure 9 - block diagram of the stochastic encoder used in the user devices and in the subsystems of authentication and integrity verification of information of the center of certification, formation and distribution of keys, user devices and servers of distributed processing;

figure 10 - block diagram of the gamma-forming circuit for use in the stochastic encoder of figure 9;

figures 11A, 11B - device of stochastic re-encoding used in the user devices and in the servers of distributed processing;

Fig. - tables of the center of certification, formation and distribution of keys;

Fig. - schematic representation of the process of formation of public keys for users in the center of certification, formation and distribution of keys;

Fig. - schematic representation of the key distribution procedures.

Preferred embodiments of the inventions

As shown in figure 1, the system of comprehensive protection of distributed data processing in computer systems contains a center 1 of certification, formation and distribution of keys, at least one user device 2 and at least one server 3 of distributed data processing. The center 1 of certification, formation and distribution of keys (figure 2) contains a subsystem 4 of user certification, a subsystem 5 of formation of tables of secret keys, an information-logical protected computing system 6, a subsystem 7 of formation of data carriers for certified users, a subsystem 8 of formation of public keys, a subsystem 9 of authentication and integrity of information, a protected arithmetic processor 10, a subsystem 11 of key distribution and a control unit 12 of protected processing.

Each user device 2 (figure 3) contains a subsystem 13 of formation of tables of secret keys, an internal stochastic decoder 14, an internal stochastic encoder 15, a subsystem 16 of secure access including a subsystem 17 of information input from the data carrier and a subsystem 18 of authentication and integrity of information, a protected arithmetic processor 19, an information-logical protected computing system 20, a control unit 21 of protected processing and a transceiver block 22 of stochastic transformation, which includes first and second devices 23, 24 of stochastic re-encoding of information.

The server 3 of distributed data processing (figure 4) contains a subsystem 25 of formation of tables of secret keys, a transceiver block 26 of stochastic transformation comprising first and second devices 27, 28 of stochastic re-encoding of information, an internal device 29 of stochastic re-encoding, a control unit 30 of protected processing, a subsystem 31 of secure access including a subsystem 32 of information input from the data carrier and a subsystem 33 of authentication and integrity of information, a protected arithmetic processor 34, an information-logical protected computing system 35 and a protected database 36, which includes a protected table 37 of e-mail addresses, protected arrays 38 of Web pages and protected data tables 39.

In the center 1 of certification, formation and distribution of keys (figure 2) the information-logical protected computing system 6 is connected to the subsystem 4 of user certification, which is connected to the subsystem 5 of formation of tables of secret keys, to the protected arithmetic processor 10, to the subsystem 5 of formation of tables of secret keys, to the subsystem 8 of formation of public keys, to the subsystem 7 of formation of data carriers for certified users and to the subsystem 11 of key distribution, which is connected to the control unit 12 of protected processing, connected to the subsystem 9 of authentication and integrity of information.

In the user device 2 (figure 3) the information-logical protected computing system 20 is connected to the protected arithmetic processor 19, the internal stochastic encoder 15, the internal stochastic decoder 14, the first and second devices 23, 24 of stochastic re-encoding of information and the control unit 21 of protected processing, to which are connected the internal stochastic encoder 15, the internal stochastic decoder 14, the first and second devices 23, 24 of stochastic re-encoding of information, the subsystem 13 of formation of tables of secret keys and the subsystem 18 of authentication and integrity of information, which is connected to the subsystem 17 of information input from the data carrier.

In the server 3 for distributed data processing (Fig. 4) the information-logical secure computing system 35 is connected to the secure arithmetic processor 34, to the secure database 36 (which includes the protected e-mail table 37, the protected arrays 38 of Web pages and the protected data table 39) and to the secure-processing control unit 30. To the control unit 30 are connected the first and second devices 27, 28 for stochastic re-encoding, the internal device 29 for stochastic encoding/decoding, the subsystem 25 for forming the tables of secret keys and the secure-access subsystem 31, comprising the subsystem 33 for authentication and integrity checking of information, to which the subsystem 32 for input of information from the data medium is connected. The key distribution subsystem 11 of the center 1 for certification, generation and distribution of keys is connected to the subsystems 25 and 13 for forming the tables of secret keys of the server 3 and of the user device 2 respectively, and the first and second devices 27, 28 for stochastic re-encoding of information of the server 3 are connected respectively to the first and second devices 23, 24 for stochastic re-encoding of information of the user device 2.

Fig. 5 shows the subsystem 5 for forming the tables of secret keys of the center 1 for certification, generation and distribution of keys. It contains a memory block 40 for the master key table, a memory block 41 for the tables of initial keys, a memory block 42 for the key distribution table, a random number generator 43 with a combination selection circuit 44, a column permutation register 45, a row permutation register 46, a switching unit 47 connected to the outputs of the memory block 40 for the master key table and of the registers 45, 46, and a control unit 48 coupled to the above elements 40-47.

Fig. 6 shows the subsystem 13, 25 for forming the tables of secret keys used in the server 3 for distributed processing and in the user device 2. The subsystem 13, 25 contains memory blocks 49, 50, 51, 52 for the tables of the initial, base, internal and external key respectively, a random number generator 53 with a combination selection circuit 54, registers 55, 56, 57, 58 for the permutations of columns and rows of the base and external keys respectively, a switching unit 59 connected to the outputs of the memory block 49 for the initial key table and of the registers 55, 56, 57, 58, and a control unit 60 connected to the above elements 49-59.

Fig. 7 shows the subsystem 8 for forming public keys of the center 1 for certification, generation and distribution of keys. It contains a memory block 61 for the tables of secret permutations of columns and rows of the secret key tables, a memory block 62 for the table of the symmetric permutation of rows and columns of the external key table, a register 63 for the sequence of transitive relations between rows of the tables of secret permutations, a block 64 for logical inference over the sequence of transitive dependencies, a memory block 65 for the table of the relative non-secret permutation of rows and columns of the external key table, a public key register 66, input and output switching blocks 67, 68, and a control unit 69 whose outputs are connected respectively to the inputs of the memory blocks 61 and 62, the registers 63 and 66, the input and output switching blocks 67, 68 and the inference block 64. The second and third inputs of the inference block 64 are connected respectively to the outputs of the memory block 62 (table of the symmetric permutation of rows and columns of the external key table) and of the register 63 (sequence of transitive relations between rows of the tables of secret permutations), and its output is connected to the input of the memory block 65 (table of the relative non-secret permutation of rows and columns of the external key table), whose output is connected to the input of the public key register 66, which is connected to an input of the output switching block 68. Another input of the output switching block 68 is connected to the outputs of the memory block 61, whose input is connected to the output of the input switching block 67.

Fig. 8 shows the subsystem 9 (18, 33) for authentication and integrity checking of information used in the above-described center 1 for certification, generation and distribution of keys, the user device 2 and the server 3 for distributed processing. The subsystem contains registers 70, 71, 72 for the password, the PIN code and the secret personal key respectively, connected to a switching unit 73, an external stochastic encoder 74 coupled to a memory block 75 of columns for encoding the symbols of a code block into a numeric code, a comparison circuit 76 for hash function values, and a control unit 77 connected to the registers 70, 71, 72, the switching unit 73 and the external stochastic encoder 74.

Fig. 9 shows the stochastic encoder 15 of the user device 2. It contains an input permutation register 78, whose input is the encoder's input for the data to be encoded; a block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder, whose first inputs are connected to the output of the input permutation register 78; a column connection circuit 80, whose outputs are connected to the second inputs of the column registers 79-1, 79-2, ..., 79-n; a cyclic permutation register 81, whose outputs are connected to the corresponding inputs of the column connection circuit 80; a block of inverter switches 82-1, 82-2, ..., 82-n, whose outputs are connected to the corresponding inputs of the cyclic permutation register 81; a recurrent (feedback) register 83, whose outputs are connected to the corresponding inputs of the inverter switches 82-1, 82-2, ..., 82-n; a gamma (keystream) generation circuit 84; a modulo-2 adder 85, whose inputs are connected respectively to the outputs of the column registers 79-1, 79-2, ..., 79-n and of the gamma generation circuit 84 and whose output is connected to the input of the output code block register 86, whose output is the encoder's output for the encoded data; and a control unit 87, whose outputs are connected respectively to the inputs of the input permutation register 78, the recurrent register 83, the inverter switches 82-1, 82-2, ..., 82-n, the cyclic permutation register 81, the column connection circuit 80, the column registers 79-1, 79-2, ..., 79-n of the multi-level encoder, the gamma generation circuit 84, the modulo-2 adder 85 and the output code block register 86. The corresponding input of the control unit 87 is connected to an additional output of the recurrent register 83, and the control unit 87 has an additional input and output for communication with the other control units of the system of comprehensive protection of distributed data processing.

Fig. 10 shows the gamma generation circuit 84, part of the stochastic encoder 15. It contains a block of column registers 88-1, 88-2, ..., 88-n of the gamma generation table; a column connection circuit 89, whose outputs are connected to the inputs of the column registers 88-1, 88-2, ..., 88-n; a cyclic permutation register 90, whose outputs are connected to the corresponding inputs of the column connection circuit 89; a block of inverter switches 91-1, 91-2, ..., 91-n, whose outputs are connected to the corresponding inputs of the cyclic permutation register 90; a recurrent register 92, whose outputs are connected to the corresponding inputs of the inverter switches 91-1, 91-2, ..., 91-n; a register 93 for the initial gamma; a modulo-2 adder 94; a switch 95, whose input is connected to the output of the column registers 88-1, 88-2, ..., 88-n and whose first and second outputs are connected respectively to the input of the modulo-2 adder 94 of the gamma generation circuit and to the input of the modulo-2 adder 85 of the stochastic encoder 15 (Fig. 9); and a control unit 96, whose outputs are connected respectively to the inputs of the recurrent register 92, the inverter switches 91-1, 91-2, ..., 91-n, the cyclic permutation register 90, the column connection circuit 89, the column registers 88-1, 88-2, ..., 88-n of the gamma generation table, the switch 95, the modulo-2 adder 94 and the initial gamma register 93. The output of the register 93 is connected to an input of the control unit 96, whose second input is connected to an additional output of the recurrent register 92 and whose third input is connected to the corresponding output of the control unit 87 of the stochastic encoder 15.

The stochastic decoder 14 (Fig. 3) has the same structure as the stochastic encoder 15 shown in Fig. 9. The only difference is that the signal being processed passes through the decoder circuit in the direction opposite to that of the encoder (Fig. 9). Thus, in the decoder the block 86 (the output code block register in Fig. 9) receives the data to be decoded, and the block 78 (the input permutation register in Fig. 9) outputs the decoded data.

Figs. 11A and 11B illustrate the device for stochastic re-encoding (23, 24 in Fig. 3; 27, 28 in Fig. 4) included in the user device 2 and in the server 3 for distributed processing. The device contains, connected in series, an input code block register 97, a first stage 98 of stochastic transformation, first and second permutation registers 99, 100, a second stage 101 of stochastic transformation and an output code block register 102. The first and second stages 98, 101 have an identical structure, which practically coincides with that of the stochastic encoder 15 (see items 79, 80, 81, 82, 83, 84, 85, 87 in Fig. 9). The essential difference is the insertion of a switch 103 between the output of the column registers 79-1, 79-2, ..., 79-n and the input of the modulo-2 adder 85; the output of the switch 103 is the output of the corresponding stage of stochastic transformation.
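The encoder, gamma circuit and decoder of Figs. 9 to 11 are described above only as hardware blocks. The following Python model is an added illustration, not the patent's circuitry or code: it reproduces the data flow (input permutation register, column substitution selected through a cyclic register driven by a recurrent register and inverter switches, modulo-2 addition of a gamma produced by a second instance of the same structure) so that the encoder/decoder symmetry and the lock-step requirement can be run and checked. Everything not stated in the text is an assumption made here: symbols are bytes, there are N_COLS columns, each column holds a bijective byte substitution (bijective so that the decoder can invert it), the recurrent register is an 8-bit LFSR with guessed taps, the inverter switches turn the LFSR output into a key-masked stride through the column order, and the gamma circuit re-substitutes its running value on every step.

```python
"""Software model of the stochastic encoder 15, the gamma generation circuit 84
and the decoder 14 (Figs. 9-11). Added illustration, not the patent's circuitry.

Assumptions: byte symbols; N_COLS column registers holding bijective byte
substitutions copied from the internal key table; an 8-bit LFSR as the
recurrent register (taps are a guess); inverter switches realised as a
key-masked stride through the cyclic column order; gamma register 93 is
re-substituted through the selected gamma column on each step.
"""
import secrets
from typing import List, Sequence, Tuple

N_COLS = 16  # number of column registers 79-1 .. 79-n (assumption)
_rng = secrets.SystemRandom()


class FeedbackRegister:
    """Recurrent register 83 / 92: 8-bit Fibonacci LFSR, taps at bits 7,5,4,3."""

    def __init__(self, seed: int) -> None:
        self.state = (seed & 0xFF) or 1  # the all-zero state never leaves zero

    def step(self) -> int:
        s = self.state
        bit = ((s >> 7) ^ (s >> 5) ^ (s >> 4) ^ (s >> 3)) & 1
        self.state = ((s << 1) | bit) & 0xFF
        return self.state


class ColumnSelector:
    """Cyclic permutation register 81 / 90 fed through inverter switches 82 / 91:
    walks a ring of column indices with a stride taken from the LFSR output."""

    def __init__(self, order: Sequence[int], mask: int, seed: int) -> None:
        self.order, self.mask, self.pos = tuple(order), mask & 0xFF, 0
        self.fsr = FeedbackRegister(seed)

    def next_column(self) -> int:
        self.pos = (self.pos + 1 + (self.fsr.step() & self.mask)) % len(self.order)
        return self.order[self.pos]


class GammaGenerator:
    """Gamma circuit 84: its own column table and selector; register 93 holds
    the running gamma, re-substituted through the selected column each step."""

    def __init__(self, table: List[List[int]], sel: ColumnSelector, g0: int) -> None:
        self.table, self.sel, self.g = table, sel, g0 & 0xFF

    def next_gamma(self) -> int:
        self.g = self.table[self.sel.next_column()][self.g]
        return self.g


class KeyTables:
    """Material copied into encoder and decoder from the internal key table."""

    def __init__(self) -> None:
        self.enc_cols = [_rng.sample(range(256), 256) for _ in range(N_COLS)]
        self.gamma_cols = [_rng.sample(range(256), 256) for _ in range(N_COLS)]
        self.bit_perm = tuple(_rng.sample(range(8), 8))  # input register 78
        self.col_order = tuple(_rng.sample(range(N_COLS), N_COLS))
        self.masks = (_rng.randrange(1, 256), _rng.randrange(1, 256))
        self.seeds = (_rng.randrange(1, 256), _rng.randrange(1, 256))
        self.gamma0 = _rng.randrange(256)


def permute_bits(x: int, perm: Sequence[int]) -> int:
    """Bit perm[dst] of x is moved to bit position dst."""
    return sum(((x >> src) & 1) << dst for dst, src in enumerate(perm))


def invert_perm(perm: Sequence[int]) -> Tuple[int, ...]:
    """Inverse of a permutation given as 'value placed at position'."""
    inv = [0] * len(perm)
    for dst, src in enumerate(perm):
        inv[src] = dst
    return tuple(inv)


class StochasticCoder:
    """Encoder 15 and decoder 14 share this state machine; the decoder is the
    same circuit traversed in reverse. Both sides step column selection and
    gamma in lock-step, so a dropped byte desynchronises them."""

    def __init__(self, k: KeyTables) -> None:
        self.k = k
        self.sel = ColumnSelector(k.col_order, k.masks[0], k.seeds[0])
        self.gamma = GammaGenerator(
            k.gamma_cols, ColumnSelector(k.col_order, k.masks[1], k.seeds[1]), k.gamma0)
        self.inv_cols = [invert_perm(col) for col in k.enc_cols]
        self.inv_bits = invert_perm(k.bit_perm)

    def encode(self, data: bytes) -> bytes:
        out = bytearray()
        for x in data:
            col = self.k.enc_cols[self.sel.next_column()]
            out.append(col[permute_bits(x, self.k.bit_perm)] ^ self.gamma.next_gamma())
        return bytes(out)

    def decode(self, data: bytes) -> bytes:
        out = bytearray()
        for y in data:
            inv = self.inv_cols[self.sel.next_column()]
            out.append(permute_bits(inv[y ^ self.gamma.next_gamma()], self.inv_bits))
        return bytes(out)
```

A fresh `StochasticCoder(k)` must be created on the receiving side for each message, since encoding advances the selector and gamma state; the same byte of plaintext is encoded through a different column and gamma value at each position, which is the "stochastic one-time key" behaviour the text attributes to the encoder and the gamma circuit. The model deliberately has no integrity check, matching the encoder description; the page assigns integrity to the separate authentication and integrity subsystem.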

Fig. 12 shows the tables of the center for certification, generation and distribution of keys.

Fig. 13 illustrates the process of forming public keys for users in the center for certification, generation and distribution of keys.

Fig. 14 shows the main steps of the key distribution procedure.

Let us consider in more detail the implementation of the proposed system of comprehensive protection of distributed information processing in computer systems (Fig. 1).

The main tasks of the center 1 for certification, generation and distribution of keys are connecting the user devices 2 to the protection system, certification, and the generation and distribution of secret and public keys between the user devices 2 and the servers 3 for distributed data processing. In the center 1 the master key of the system is generated and stored; it is a table filled with random codes. The structure of the center 1 is shown in Fig. 2. Certification of the user devices 2 and the servers 3 for connection to the protection system is performed in the user certification subsystem 4. The master key table is formed in the subsystem 5 for forming the tables of secret keys.

On the basis of the master secret key table, the subsystem 5 forms, by random permutations of its rows and columns, a set of different tables of initial secret keys for the users. Each obtained table of an initial secret key corresponds to the permutation of columns and rows of the master secret key table that was applied to produce it. Then, in the same subsystem 5, for each table of an initial secret key the tables of the base secret key and of the external secret key are formed by random permutations of its rows and columns. Each resulting table is thus associated with the table of the initial secret key by a random permutation of columns and rows. All these procedures are performed under the control of the information-logical secure computing system 6, whose programs are executed in a protected mode. The structure and operation of the information-logical secure computing system 6 are described in Russian Federation patent No. 2137185 of 09.01.98.

The obtained table of the initial key and the random permutations of columns and rows used to form the tables of the base secret key and the external secret key are entered into the subsystem 7 for forming data media for certified users. In this subsystem the data media are formed and issued to the users certified for connection to the system of protection of distributed data processing in computer systems.

The permutations of columns and rows used when forming each table of the initial key are stored in the key distribution table for the users (Fig. 12). In addition, the values of the PIN and the password for the user's subsystem 9 for authentication and integrity checking of information, obtained from the random number generator, are recorded in this table. From the combination of the password and the PIN code its hash function value is computed, by the procedure described below. When the user is certified, his passport data are also entered into the table. Then, for each user, the subsystem 7 for forming data media for certified users forms a smart card, a copy of which is kept in the certification center. The smart card contains the full table of the initial key and the set of secret key permutations for the user's base and external key tables. In addition, the PIN and the hash function value of the user's password are written to the smart card (Fig. 12). The smart card is issued to the user for input into his computer (the user device 2 or the server 3 for distributed processing).

To form the system of keys, the user enters into the computer the information from the smart card received in the center 1 for certification, generation and distribution of keys. After that the computer forms the base key table on the basis of the key permutations of columns and rows specified on the smart card. Then, using the corresponding permutations, the external key table and the code table of the secure arithmetic processor 19 (34) are generated. The structure and operation of the secure arithmetic processor are described in: V. V. Nasypny, "Protection of arithmetic in computer systems", Mir PK (PC World), 1999, No. 4, pp. 73-74. For this purpose the user device 2 and the server 3 for distributed processing use the subsystems 13, 25 for forming the tables of secret keys and the secure-processing control units 21, 30, as well as the information-logical secure computing systems 20, 35 (Figs. 3, 4).

As a result, the message "Enter your personal password" appears on the monitor screen. After the user enters the password, the subsystem 18 for authentication and integrity checking of information within the secure-access subsystem 16 computes, using the base key table and the secure arithmetic processor 19, the hash function value of the password and compares it with the corresponding value read from the smart card. If the compared values coincide, the secure-processing control unit 21 is activated and the user obtains access to its functions. If after m password entries the hash value still does not match the value read from the smart card, the protection system is locked and the smart card is cancelled. To obtain a new smart card the user must apply to the center 1 for certification, generation and distribution of keys.
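The password check just described, written out in Python as an added example (not the patent's procedure or code). The table-based hash that the text computes with the base key table and the secure arithmetic processor is specified elsewhere in the description, so SHA-256 over the base key table, PIN and password is used here as a stand-in; the value of m (`MAX_ATTEMPTS`), the card layout and the class names are assumptions made for the example. The two details a practitioner would want that the text leaves implicit are shown: the comparison is constant-time, and the lock and card cancellation are state that survives the failed attempt.

```python
"""Model of the password check performed by the authentication and integrity
subsystem 18 (33) on entry from the smart card. Added illustration, not the
patent's procedure: SHA-256 over (base key table, PIN, password) stands in
for the table-based hash described elsewhere in the specification.
MAX_ATTEMPTS (the value of m) and the card layout are assumptions.
"""
import hashlib
import hmac
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # m in the text; the value is an assumption


def password_hash(base_table: bytes, pin: str, password: str) -> bytes:
    """Stand-in for the table-keyed hash: the base key table acts as the key;
    the PIN is length-prefixed so that (pin, password) pairs cannot collide
    by shifting characters between the two fields."""
    h = hashlib.sha256()
    h.update(base_table)
    h.update(len(pin).to_bytes(2, "big") + pin.encode())
    h.update(password.encode())
    return h.digest()


@dataclass
class SmartCard:
    """Only the fields used by the check; the card also carries the initial
    key table and the secret permutations."""
    pin: str
    password_hash: bytes
    cancelled: bool = False


@dataclass
class AccessSubsystem:
    """Secure-access subsystem 16 (31) with its attempt counter."""
    base_table: bytes
    card: SmartCard
    failures: int = 0
    locked: bool = False

    def authenticate(self, password: str) -> bool:
        """True activates the secure-processing control unit 21 (30). After
        MAX_ATTEMPTS mismatches the subsystem locks and the card is cancelled;
        only a new card from the center 1 restores access."""
        if self.locked or self.card.cancelled:
            return False
        candidate = password_hash(self.base_table, self.card.pin, password)
        # Constant-time comparison: an early-exit byte compare would leak how
        # many leading digest bytes matched through timing.
        if hmac.compare_digest(candidate, self.card.password_hash):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked = True
            self.card.cancelled = True
        return False


def issue_card(base_table: bytes, pin: str, password: str) -> SmartCard:
    """Center 1, subsystem 7: write the PIN and the password hash to the card."""
    return SmartCard(pin, password_hash(base_table, pin, password))
```

Because the card stores a hash rather than the password, a copy of the card held in the center (as the text describes) does not by itself reveal the password; it does, however, reveal the PIN and the full initial key table, so the center's copy is as sensitive as the card itself.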

When the user accesses the functions of the protection system in the user device 2, the table of the base secret key and then the table of the external secret key are formed on the basis of the initial key table and the secret permutations entered from the smart card. The obtained table of the base secret key is subjected to random permutations of columns and rows to form the table of the internal secret key. Copies of the resulting internal secret key table are then written into the internal stochastic encoder 15, the internal stochastic decoder 14, and the first and second devices 23, 24 for stochastic re-encoding of information of the transceiver unit 22 of the user device 2. These procedures are implemented by executing protected software in the information-logical secure computing system 20 on commands of the secure-processing control unit 21. After that the control unit 21 configures the internal stochastic encoder 15 and the internal stochastic decoder 14 and ensures readiness for protected transmission and processing of information within the user device 2.

The same procedure for input of data from the smart card, using the secure-access subsystem 31 with its subsystem 32 for input of information from the data medium and subsystem 33 for authentication and integrity checking of information, is performed in the server 3 for distributed processing. After user authentication the secure-processing control unit 30 is started, and in the subsystem 25 for forming the tables of secret keys the tables of the external secret key and of the base secret key are formed. On the basis of the initial secret key table and the secret permutations entered from the smart card, the base secret key table is formed first and then the external secret key table. The resulting base secret key table is subjected to random permutations of columns and rows to form the internal secret key table. Copies of this internal secret key table are then stored in the internal device 29 for stochastic re-encoding of information and in the devices 27, 28 for stochastic re-encoding of the transceiver unit 26 of stochastic transformation. These procedures are implemented by executing protected software in the information-logical secure computing system 35 on commands of the control unit 30. Then, on command of the control unit 30 connected to the information-logical secure computing system 35, the protected e-mail table 37, the protected data table 39 and the protected arrays 38 of Web pages are encrypted. At the same time, on command of the control unit 30, the internal device 29 for stochastic re-encoding is switched to the mode of an internal stochastic encoder, with which the interface of the secure arithmetic processor 34 is coordinated.

After the described process of forming the key tables is completed, the user may send a request to the center 1 for certification, generation and distribution of keys for the organization of a closed (private) connection with the required server 3 for distributed processing (or with another user). This must be preceded by an agreement on the organization of such a connection, reached over open communication. On this request the center 1 forms and distributes public keys between the users to provide the closed connection. The structure of this process is shown in Fig. 13.

Consider the functions of the center 1 for certification, generation and distribution of keys, of the user device 2 (user A) and of the server 3 for distributed processing (user B) during the organization of a closed connection.

Functions of the center for certification, generation and distribution of keys:

1) verification of the credentials of users A and B for establishing a closed connection;

2) formation of a public key for the user device 2;

3) formation of a public key for the server 3 for distributed processing;

4) issuance of the public keys over the network connection to the user device 2 and the server 3 for establishing a closed symmetric connection;

5) after completion of the communication session, issuance of new public keys to return the communication system to the asymmetric mode.

Functions of the users (A and B):

1) receipt of the public key-permutation;

2) modification of the external key table to implement the closed symmetric connection;

3) formation of the tables for the devices 23, 24 (27, 28) for stochastic re-encoding of information of the transceiver unit 22 (26) of stochastic transformation;

4) formation of the tables for the gamma generation circuits of the devices 23, 24 (27, 28) for stochastic re-encoding;

5) start of information transmission in the closed mode.

The verification of the credentials of the user device 2 and the server 3 for distributed processing for establishing a closed connection is performed in the user certification subsystem 4 (Fig. 2), which holds special tables defining the scheme of permitted information interactions between users of the system in the closed mode. If the users' credentials for preparing the closed connection are confirmed, the center for certification, generation and distribution of keys automatically generates public keys for the user device 2 and the server 3.

The formation of a public key is based on the use of a one-way function: a relative permutation over a sufficiently long random combination of symbols (length n > 100). As noted above, the center 1 holds all the key permutations of columns and rows that allow the tables of the initial, base and external secret keys of each user to be generated from the master key table. After the system is booted, all these tables, including the external secret key tables of the different users, are asymmetric (pairwise different). To organize a closed connection between users A and B, their external secret key tables must be brought into the same state. This is made possible by the presence in the center 1 of all the functionally related secret permutations of the above tables (initial, base and external secret keys).

The subsystem 8 for forming public keys (Fig. 2), using logical inference over the sequence of transitive relations between rows of the tables of secret permutations, determines relative permutations for users A and B that bring their external secret key tables into a symmetric (identical) state. These relative permutations are the public keys. On their basis users A and B can bring their external secret key tables into identical states for the organization of a closed symmetric connection. For this purpose the tables of secret permutations of columns and rows of the secret key tables (initial, base and external) are passed from the subsystem 5 for forming the tables of secret keys to the subsystem 8 through the information-logical secure computing system 6. Then, on the basis of these tables, the sequences of transitive relations between rows of the tables of secret permutations are generated. Next, by inference over the sequences of transitive dependencies, the tables of the relative non-secret permutation of columns and rows of the external secret key are determined separately for the user device 2 and for the server 3. The derived tables are the public keys; they bring the external secret key tables of the user device 2 and the server 3 into a symmetric state. The public keys obtained are entered into the key distribution subsystem 11 and communicated over the computer network to the corresponding user device 2 and server 3.

The function forming the public keys by means of the relative permutation is one-way for any user of the system. In the center 1 for certification, generation and distribution of keys, which holds the full functional scheme of relations between the key permutations, the function y = f(x) is easily computed. Here x is the value of the initial, base or external secret key, f is the functional relation between them set by the secret permutations, and y is the relative non-secret permutation. Given the value of y alone, without knowledge of the whole scheme of functional relations between the tables, the secret permutations and the source tables of the initial, base or external secret key cannot be recovered. Since the corresponding tables of secret permutations are individual for each user, no one but the user himself is able to construct the new symmetric external secret key table when a closed connection with a subscriber is organized on the basis of the received public key, and no one is able to compute from the generated key the values of the source tables of the user's initial, base or external secret key. Recovering these permutations and tables is associated with an exhaustive search over the set of V = n! combinations (for n = 100, V > 10^100, which is practically infeasible). Therefore the function y = f(x) is one-way for all other users of the system. Thus even user B, who after processing the public key holds a session external secret key table identical to that of user A, is unable to open the base and initial secret keys of user A by the inverse permutation. Note that this estimate is a counting argument over the permutation space alone; it presupposes that an attacker holds no information about the contents of the tables beyond the relative permutation itself.

On the basis of the received public key, the subsystems 13 and 25 for forming the tables of secret keys of the user device 2 and the server 3 for distributed processing create the symmetric external secret key table. These tables are written to the devices 23, 24 (27, 28) for stochastic re-encoding of information of the transceiver unit 22 (26) of stochastic transformation of the user device 2 (server 3), thereby establishing a closed symmetric connection between them. In the devices 23, 24 (27, 28) the tables of the external and internal codes are matched, providing a closed circuit for transmission and processing of protected information between the user device 2 and the server 3. This circuit passes from the internal stochastic encoder 15 of the user device 2 to the internal device 29 for stochastic re-encoding of the server 3, connected to the information-logical secure computing system 35, and back through the internal device 29 to the internal stochastic decoder 14 of the user device 2. In the transmission process, stochastic selection of random elements of the internal and external secret key tables implements a one-time key, providing the required guaranteed level of protection of the information.

After the closed connection session is completed, the certification center sends users A and B public key-permutations that return their external secret key tables to the asymmetric initial state.

Thus, proceeding from the variety of protection functions (transmission and processing of information), the system of keys has two levels. The first level is the tables of the initial, base and external secret keys. The user enters these tables into the user device 2 or the server 3 for distributed processing from the data medium received in the center 1 for certification, generation and distribution of keys. These secret key tables are continuously (periodically) updated using the public keys generated by the center. In the process of information transfer between users A and B the system function of periodic modification of the external secret key tables used in the stochastic encoder 15 and the gamma generation circuit 84 is implemented. This function is performed using the public keys generated in the user device 2 and the server 3 (users A and B) participating in the exchange of classified information. In the process of exchange of classified information this system function is essentially one of the basic procedures ensuring its reliability and security. The choice of the period of modification of the external secret key tables has a significant effect on the level of protection of the information.

The second level of the key system is the stochastic one-time keys. They are formed from the external secret key tables used in the stochastic encoder 15 and the gamma generation circuit 84 by stochastic selection of unique combinations of random elements of these tables. This level corresponds to the local functions of stochastic encoding and gamma superposition (keystream addition) implemented with the stochastic one-time keys.

In general, the reliability and security of stochastic encoding of information for transmission depend on the frequency with which the system function of modifying the external secret key tables is performed and on the effectiveness of the stochastic one-time keys of the stochastic encoder 15 and the gamma generation circuit 84.

In the secure-processing control unit 30 the received message is formatted to determine the type of processing to be performed in the information-logical secure computing system 35 using protected data and stochastically transformed programs. This processing may be e-mail transfer, arithmetic calculations, or search and selection of the required information from the encrypted database 36 on request. These functions are performed using the internal device 29 for stochastic re-encoding, connected to the secure-processing control unit 30 and to the information-logical secure computing system 35. The order of execution of the functions of processing protected information with protected stochastically transformed programs in the information-logical secure computing system 35 is described below.

Processing of information with stochastically transformed programs and data in the information-logical secure computing system 35 provides comprehensive protection against unauthorized access, software implants (backdoors) and viruses.

When new programs are written, before or after the stochastic transformation of each newly introduced program, anti-virus protection is implemented in the information-logical secure computing system on the basis of detecting viral functions by logical inference over the set of codes of the program's instructions. First, the instruction codes that viruses can use to perform illegal actions with programs, data and text files are identified. Then, by logical inference, chains of logically related instruction codes that include the above "viral" codes are obtained, and the target function of each such chain is determined. If this target function is viral, the chain of logically related instructions is classified as a viral function. In that case it is destroyed in a manner that preserves the operability of the transformed program.

The following describes the operation of the individual subsystems and devices of the system.

Subsystem 4 for user certification (Fig. 2)

This subsystem, of an organizational type, contains standard input/output devices and is connected to the subsystem 5 for forming the tables of secret keys. It provides input of the passport data of the user computers when they are certified for connection to the system of protection of distributed information processing in computer systems. The passport data are recorded in the key distribution tables for users (Fig. 12), stored in the subsystem 5 for forming the tables of secret keys.

Subsystem 5 for forming the tables of secret keys (Fig. 5)

This subsystem is part of center 1 for certification, generation and distribution of keys. Its purpose is to create, from the master secret key table, the tables of initial secret keys of the certified users of the system by random permutation of columns and rows. In addition, this subsystem generates the tables of secret permutations of columns and rows that are required to obtain, from the table of the initial secret key, the tables of the base and the external secret key of each user (Fig). The subsystem is started by commands received from the information-logical protected computer system 6. The commands are processed and then passed on to subsystem 7 for the formation of carriers for certified users and to subsystem 8 for the formation of public keys. On the received commands, control unit 48 of this subsystem starts the random number sensor 43. Generation of a sequence of random numbers begins; the sequence enters the selection circuit 44 of combinations, where n different random numbers are chosen and, via control unit 48, written into register 45 of column permutation. Register 46 of row permutation is then filled with n different random numbers in the same way, after which the random number sensor 43 is temporarily disabled. The formation of the table of the initial secret key then begins: the columns and rows of the master secret key are permuted using the filled registers 45, 46 of column and row permutation. For this purpose, on the command of control unit 48, the rows of the master secret key table are selected sequentially and each row is entered into register 45 of column permutation, where the fields of the given i-th row are permuted in accordance with the recorded random sequence.
The resulting row passes through switching unit 47 and control unit 48 into memory unit 41 of initial secret key tables, where it is stored in the table of the initial secret key being generated for the next user. The row number is determined by the corresponding i-th random number read from the row permutation register. As a result, after reading all n rows and performing the described transformations, the table of the initial secret key for the next user is formed in memory unit 41 of initial secret key tables. This table then enters, via control unit 48, memory unit 42 of key distribution tables and is recorded in the corresponding key distribution table for the specified user (Fig). The sequences of secret permutations of columns and rows from the corresponding registers are recorded there via switching unit 47 and control unit 48. After that, control unit 48 again activates the random number sensor 43, which, as described above, provides random permutations of columns and rows, first for forming the table of the base secret key and then for the table of the external secret key. The obtained secret permutations pass sequentially through switching unit 47 and control unit 48 into memory unit 42 of key distribution tables and into the table of the smart card copy of the next user (Fig). The table of the initial secret key and the corresponding secret permutations of columns and rows are written there from the table of key distribution to users. After that, on the command of control unit 48, the random number sensor 43 generates the values of the PIN and password for this user. The obtained values pass through the selection circuit 44 of combinations and control unit 48 into the memory unit of tables of initial keys and are recorded in the key distribution table generated for the specified user (Fig). From there the PIN and password values are passed through control unit 48 and switching unit 47 to the information-logical secure computing system 6.
Next, these values enter, via subsystem 11 of key distribution and control unit 12 of protected processing, subsystem 9 of authentication and integrity verification of information. There a hash of the password is formed for the combination of PIN and password; it is passed back in reverse order to the subsystem for the formation of tables of secret keys and stored in the specified table of key distribution to users. The procedure for forming the hash of the password in subsystem 9 of authentication and integrity verification of information is described below. The values of the PIN and the hash of the password are then entered into the smart card table for the user (Fig). After that, the generated copy of the user's smart card passes through the information-logical computing system 6 into subsystem 7 for the formation of carriers for certified users.

Subsystem 7 for the formation of carriers for certified users (3)

In this subsystem, the received copies of the smart card are recorded on the appropriate media. The resulting carrier (smart card) is issued to the corresponding user, who is orally informed of the value of his personal password.

Subsystem 13, 25 for the formation of tables of secret keys of the user device 2 (server 3 of distributed processing)

This subsystem is triggered when the smart card is inserted into subsystem 17, 32 for input of information from media of subsystem 16, 31 of secure access of the user device 2 and the server 3 of distributed processing, and the user is authenticated using subsystem 18, 33 of user authentication and integrity verification of information. After the user has been authenticated, on the command of control unit 21, 30 of protected processing, the table of the initial key of the given user is read from the smart card and enters, through switching unit 59 and control unit 60, memory unit 49 of the initial key table. The corresponding numeric sequences are read from the smart card into registers 55, 56 of column and row permutation for forming the base key and into registers 57, 58 of column and row permutation for forming the external key.

Then the formation of the base secret key table begins, by permutation of the rows and columns of the initial key using the filled registers 55, 56 of column and row permutation for forming the base secret key table. For this purpose, on the command of control unit 60, the rows of the initial secret key table are selected sequentially and each row is entered into register 55 of column permutation, where the fields of the given i-th row are permuted in accordance with the recorded random sequence. The resulting row enters, through switching unit 65 and control unit 60, memory unit 50 of the base key table, where it is written into the base secret key table being generated for the given user. The row number is determined by the corresponding i-th random number read from register 56 of row permutation. As a result, after reading all n rows and performing the described transformations, the base secret key table of this user is formed in memory unit 50 of the base key table.

The base secret key table is the source for forming the external secret key on the basis of the n different random numbers recorded in registers 57, 58 of column and row permutation for forming the external secret key table. The procedure for forming the external secret key table by permutation of the columns and rows of the base secret key table is identical to the algorithm described above for the base key. As a result of its execution, the external secret key table of this user is written into memory unit 51 of the external key table.

After that, on the command of control unit 60, the random number sensor 53 is started. As a result, after passing the selection circuit 54 of combinations and control unit 60, the registers 57, 58 of column and row permutation for forming the external secret key table receive random sequences, each containing n different random numbers. In this case these random sequences are used to build the internal secret key table on the basis of the previously obtained base secret key table. Then the random number sensor 53 is temporarily disabled and the algorithm of permutation of columns and rows of the base secret key table described above is executed. As a result, the internal secret key is recorded in memory unit 52 of the internal key. Thus the tables of the base, external and internal secret keys necessary for secure transmission and processing of information in the server 3 of distributed processing and the user device 2 are formed.

Subsystem 8 for the formation of public keys (7)

The purpose of this subsystem is to generate public keys for the user device 2 (user A) and the server 3 of distributed processing (user B) that bring their external secret keys into a symmetric state. As noted above, this function is executed every time a closed communication session between users A and B is organized. The public keys are formed by logical inference over the functionally related tables of secret permutations of columns and rows, using transitive dependencies. Before this process begins, center 1 for certification, generation and distribution of keys uses the random number sensor 43 and the selection circuit 44 of combinations of subsystem 5 for the formation of tables of secret keys to generate the sequences of secret permutations of columns and rows for the symmetric external key. These sequences allow the symmetric external secret key table for users A and B to be formed from the master secret key table by the corresponding permutations of rows and columns. However, since the tables of the initial, base and external secret keys of each user are different, the corresponding permutations have to be processed logically: relative non-secret permutations (public keys) are calculated for users A and B that bring their asymmetric external secret key tables into a symmetric (identical) state. To this end, the specified secret permutation tables of columns and rows obtained in subsystem 5 for the formation of secret keys are written, through the information-logical secure computing system 6, switching unit 67 and control unit 69, into memory unit 62 of the table of symmetric permutation of columns and rows of external key tables.

In the general case, each sequence of secret permutation has the following form:

1i, 2j, 3l, ..., mk, ..., nr,

where 1, 2, 3, ..., n are the ordinal numbers of the source columns (rows) of the master secret key and i, j, l, ..., r are the random numbers of the permutation. The ordinal numbers form the input column of the permutation table and the random numbers of the permutation form its closed (output) column.

After subsystem 5 for the formation of secret keys has completed, all tables of secret permutations for user A (B) are written into memory unit 61 of tables of secret permutations of columns and rows of secret keys. As noted above, these tables allow the table of the initial secret key to be formed first from the master secret key table by the corresponding permutations of columns and rows, and then the tables of the base and the external secret key. These tables have a functional dependence between their rows, which can be established by finding identical numbers in the output column of each preceding table and in the input column of the following table. The tables of secret permutations are arranged in the following order: the table for forming the initial secret key, the table for forming the base secret key, the table for forming the external secret key (Fig). Then the first row is selected in the table of secret permutations for forming the initial secret key, and on the basis of the functional relations the following transitive chain is formed: 1i,j,k, which links the permutations of the first element of the master secret key across the set of permutation tables. This transitive dependency is recorded in register 63 of the transitive dependency sequence via switching unit 68 and control unit 69, and then enters block 64 of logical inference over the sequence of transitive dependencies. The value of the first row of the permutation table (1i) from memory unit 62 of the table of symmetric permutation of columns and rows of the external secret key also enters there. As a result of the logical inference, the original transitive sequence is supplemented by the relation ki and takes the form 1i,j,ki=1i. The result of the logical inference is consistent with the first row of the table of symmetric permutation of columns (rows) of the external secret key.
Thus the first row of the relative (non-secret) permutation of the public key is formed in the form ki. The same procedures are then performed with the second row of the tables of secret permutation of columns and rows of the initial secret key, the base secret key, the symmetric external key table, and so on. After n such logical inference procedures, the public key is generated in the form of a table of relative permutation of columns (rows) for user A (B). Note that each public key contains two permutation tables (a table for columns and a table for rows). Each user has an individual public key. The obtained relative permutations are written into memory unit 65 of the table of relative permutation of rows and columns of the external key table and then read into register 66 of the public key. Then, on the command of control unit 69, the public key is passed via switching unit 68 to the information-logical secure computing system 6. From there it is transmitted via subsystem 11 of key distribution to the computer system of user A (B). After receipt in the user device 2 or the server 3 of distributed processing, the public key enters subsystem 13, 25 for the formation of tables of secret keys. There the public key, containing the two permutation tables, is recorded via switching unit 59 into register 55 of column permutation for forming the external key table and register 56 of row permutation for forming the external key table. Then, on the basis of the asymmetric external secret key table recorded in memory unit 51 of the external key table, the table of the symmetric external secret key is generated in the user device 2 and the server 3 of distributed processing by the corresponding permutation of columns and rows.
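Worked example, added here and not part of the patent's own description: the key-table derivation of subsystems 5 and 13, 25 (permutation of the columns and rows of a table) and the relative public key of subsystem 8, written as composition of permutations. The transitive chain 1i, j, k that the description traces through the permutation tables is the composition of the user's secret permutations; the relative non-secret permutation is the inverse of that composition followed by the symmetric permutation. The convention that field k of source row i lands in column col_perm[k] of the row written at position row_perm[i], the table size n=8 and the random seed are assumptions of this example.

```python
import random


def derive_table(table, col_perm, row_perm):
    """Derive a key table from `table` (n rows of n fields) by a secret column
    permutation and a secret row permutation, as subsystems 5 and 13, 25 do.
    Convention assumed here: field k of source row i goes to column col_perm[k]
    of the row written at position row_perm[i]."""
    n = len(table)
    out = [[None] * n for _ in range(n)]
    for i, row in enumerate(table):
        for k, field in enumerate(row):
            out[row_perm[i]][col_perm[k]] = field
    return out


def compose(first, second):
    """Permutation 'apply first, then second': x -> second[first[x]]."""
    return [second[first[x]] for x in range(len(first))]


def inverse(perm):
    """Inverse permutation: inverse(perm)[perm[x]] == x."""
    inv = [0] * len(perm)
    for x, y in enumerate(perm):
        inv[y] = x
    return inv


def net_permutation(chain):
    """Fold a chain of (col_perm, row_perm) pairs (master -> initial -> base ->
    external) into one pair; this is the transitive chain 1i, j, k of the
    description computed for every element at once."""
    col, row = chain[0]
    for c, r in chain[1:]:
        col, row = compose(col, c), compose(row, r)
    return col, row


def relative_public_key(user_chain, sym_perm):
    """Non-secret relative permutation (the public key) that maps the user's
    external key table onto the symmetric external key table: undo the user's
    net secret permutation, then apply the symmetric one."""
    ucol, urow = net_permutation(user_chain)
    scol, srow = sym_perm
    return compose(inverse(ucol), scol), compose(inverse(urow), srow)


def apply_chain(table, chain):
    """Apply the secret permutation pairs one after another."""
    for col, row in chain:
        table = derive_table(table, col, row)
    return table


def random_perm(n, rng):
    p = list(range(n))
    rng.shuffle(p)
    return p


def demo(n=8, seed=7):
    """Two users with different secret chains obtain identical symmetric external
    key tables after applying their own public keys. Constructed data throughout.
    Returns (symmetric tables agree with the target, public keys differ)."""
    rng = random.Random(seed)
    master = [[rng.randrange(256) for _ in range(n)] for _ in range(n)]
    chain_a = [(random_perm(n, rng), random_perm(n, rng)) for _ in range(3)]
    chain_b = [(random_perm(n, rng), random_perm(n, rng)) for _ in range(3)]
    sym = (random_perm(n, rng), random_perm(n, rng))   # symmetric permutation from center 1
    ext_a, ext_b = apply_chain(master, chain_a), apply_chain(master, chain_b)
    pub_a, pub_b = relative_public_key(chain_a, sym), relative_public_key(chain_b, sym)
    sym_a, sym_b = derive_table(ext_a, *pub_a), derive_table(ext_b, *pub_b)
    target = derive_table(master, *sym)
    return sym_a == sym_b == target, pub_a != pub_b


if __name__ == "__main__":
    print(demo())
```

The public key reveals only the relative permutation between two tables the recipient already holds in different forms; the master table and the per-user chains never leave center 1, which is the point of the construction. Note that the relative permutation is computable by anyone who knows one user's full chain, so the security of the symmetric external key rests entirely on the secrecy of those chains.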

Subsystem for authentication and integrity verification of information (TIG)

When public keys are transmitted over the communication system between center 1 for certification, generation and distribution of keys, the user device 2 and the server 3 of distributed data processing, an electronic digital signature is used. It is based on the application of a hash function and a personal secret key of the user.

To implement the hash function, a one-way function based on stochastic encoding technology is used. Consider first the procedure for forming the hash function in the open communication mode. For rational use of resources, the synthesis of the hash function of a message (document) sent by user A to user B makes maximum use of the algorithms for organizing the closed mode. Therefore, to obtain the hash function rationally, the procedures for forming the public keys that bring the external secret key tables into the symmetric mode and the addition of information in the protected arithmetic processor are applied. The hash function can be used not only for authentication of electronic documents but also for authenticating the user when he enters his password into the computer. To implement the hash function for authentication of electronic documents transmitted in the open mode, users A and B request from the certification center the assignment of public keys (permutations) that bring the external secret key tables into a symmetric state. The algorithm described above for forming and transmitting the public keys for users A and B is then executed. The obtained public key enters subsystem 13, 25 for the formation of tables of secret keys of the user device 2 (user A) and the server 3 of distributed processing (user B). Next, the algorithm described above for bringing the external secret key tables of users A and B into the symmetric mode is used. The resulting table is passed from subsystem 13, 25 for the formation of tables of secret keys, via control unit 21, 30 of protected processing, to control unit 77 and the external stochastic encoder 74 of subsystem 18, 33 of authentication and integrity verification of information. This configures the external encoders of users A and B for the symmetric transmission mode. Then the transmission of information between users A and B in the open mode begins.
At the same time, each transmitted i-th data element (i = 1 to N) is fed to the external stochastic encoder 74 of subsystem 18 of authentication and integrity verification of information and is subjected to stochastic encoding and gamma superposition. The resulting code block is then re-encoded in memory unit 75 of columns for converting the symbols of the code block into a code number and entered into control unit 21 of protected processing. After that it is passed to the information-logical secure computing system 20 and, in the protected arithmetic processor 19, is combined with the previous (i-1)-th code block, the i-th code block being stochastically transformed. As a result, after transmission of all N data elements of the message, a 64-byte combination is formed in the protected arithmetic processor which is a compressed representation of the transmitted document. In the server 3 of distributed processing (user B), on receipt of each i-th code block of the message, the same procedures for forming the hash function are performed. After all N code blocks have been received, the hash function received over the system and the hash function generated in the server 3 of distributed processing pass from control unit 30 of protected processing to subsystem 33 of authentication and integrity verification of information. In this subsystem, on the command of control unit 77, the specified combinations enter the comparison circuit 76 of hash function values. There the value of the hash function supplied by user A is compared with the hash function generated by user B. If these values coincide, the document is considered authenticated. Stochastic coding provides the following properties:

- guaranteed protection, with a given probability, against any changes to the text during transmission (insertions, deletions, permutations and others);

- uniqueness of the obtained hash function (the probability that the hash functions of different documents coincide is negligible);

- irreversibility of the hash function, since the task of selecting a document that would have the same value of the hash function is computationally intractable.

The same algorithm of the hash function of transmitted messages is used in the closed mode. For user A the hash function is formed simultaneously with the encoding of the transmitted data elements, and for user B the hash function is computed after decoding each block, using the re-encoding procedure.

When forming the hash function of the password, the base key table is written into the external stochastic encoder of subsystem 18, 33 of authentication and integrity verification of information; it provides the tables of the specified encoder. In this case the data fed into the encoder are the password, entered from subsystem 17 for input of information from media, and the PIN code of the user, which are recorded in registers 70, 71 of the password and PIN of subsystem 18, 33 of authentication and integrity verification of information. After the addition of the stochastically transformed combinations in the protected arithmetic processor 19, 34, the resulting combination of length n enters the information-logical secure computing system 20, 35, where it is divided into segments of a given length m<n, which are summed modulo 2. The result is then passed via control unit 21, 30 of protected processing to the hash function comparison circuit and compared with the value of the hash of the password stored on the data carrier of the certified user (the smart card). To form the electronic digital signature of user A, the random number generator of subsystem 5 for the formation of tables of secret keys generates a personal secret key in the form of a permutation of the rows of the external secret key table. The external stochastic encoder 74 of subsystem 18 of authentication and integrity verification of information is reconfigured with this combination. Then control unit 21 of protected processing of user A calculates the public key in the form of a relative non-secret permutation between the previous and the new arrangement of the rows of the external secret key table. This public key is transmitted to user B and can be sent to center 1 for certification for registration of the personal key of user A. On the basis of the obtained public key, user B rebuilds the external secret key table for decoding and verifying the digital signature of user A.
If this key is formed using the functional dependence between the secret permutations of the corresponding tables of users A and B, the public key for user B can also be calculated in center 1 for certification, generation and distribution of keys when the personal key of user A is registered. For this, the relative non-secret permutation of user A and the functional dependence between the secret permutations of the corresponding tables of users A and B are used.

Using the certified key, the hash function combination formed for the document is converted in the external stochastic encoder 74 of subsystem 18 of authentication and integrity verification of information of user A. User B, on receiving the encrypted hash function at the end of the message, decodes it using the obtained public key and compares it with the previously generated value of the hash function of the received message.

Stochastic encoder (Fig. 9)

Let us consider in more detail the synthesis and functioning of the stochastic encoder (15, 74) of the user device 2 and the server 3 of distributed processing and of the decoder 14 on the basis of the obtained tables of the internal or external secret key. Note that the functions of the encoder (decoder) described below may also be performed by the stochastic re-encoding devices (23, 24 in figure 3; 27, 28, 29 in figure 4) included in the user device 2 and the server 3 of distributed processing. Therefore the following description of the functioning of the stochastic encoder (decoder) 15 (14) is common to a number of the specified devices.

The operation of the stochastic encoder is based on the use of the tables of the internal (external) secret key. For this, the table of the internal (external) secret key is divided into two parts of size (m*m/2). The first part of the table is used to fill the block of registers 79-1, 79-2, ..., 79-n of the columns of the multi-level encoder (Fig. 9); the second is used in the gamma forming circuit 84 (n=m/2). The contents of the cyclic permutation registers 81, 90 are formed on the basis of the row permutation table of the corresponding base or external key table. During the exchange of information their contents change periodically under the action of the random number sensor 53 of subsystem 13 for the formation of tables of secret keys of the user device 2 of the transmitting side. The relative shift between the previous (not more than n) and the subsequent state of the cyclic permutation registers 81, 90, obtained in control unit 21 of protected processing, is sent to the receiving side. This combination is calculated in control unit 21 of protected processing using the public key algorithm based on logical inference over transitive dependencies of permutation tables. This algorithm is similar to the public key algorithm implemented in subsystem 8 for the formation of public keys. The resulting relative permutation is a public key, which is periodically exchanged between users A and B during closed data exchange. User B, receiving the next public key from user A, promptly calculates in control unit 30 of protected processing a new combination for recording into the cyclic permutation registers 81, 90. This combination is computed from the previous contents of the cyclic permutation registers 81, 90 and the received public key. Therefore the stochastic encoders 15 and decoders 14 of both users will have identical random combinations in the cyclic permutation registers 81, 90.
In addition, during the exchange of classified information between users A and B, the random combinations generated and transmitted using the public key may occasionally be used for synchronous replacement of the contents of the input (output) permutation register 78 of the stochastic encoder (decoder) 15, 14. The received random combinations can also be used in the user device 2 and the server 3 of distributed processing for stepwise replacement of the contents of the columns of the block of registers 79-1, 79-2, ..., 79-n of the columns of the multi-level encoder and of the block of registers 88-1, 88-2, ..., 88-n of the gamma forming table (Fig. 9).

In the general case, from 1 to m new random sequences can be generated in control unit 21, 30 of protected processing on the basis of the next public key and the tables of secret keys. These sequences are used to replace the required number of column combinations in the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder and in the block of column registers 88-1, 88-2, ..., 88-n of the gamma forming table.

The procedures for periodic replacement of the contents of the cyclic permutation registers 81, 90, the input (output) register 78 and the columns of the block of registers 79-1, 79-2, ..., 79-n of the columns of the multi-level encoder and of the block of registers 88-1, 88-2, ..., 88-n of the gamma forming table provide actual modification of the tables of the internal (external) keys by random permutation of columns and rows and their gradual replacement. The same procedures are performed in the stochastic re-encoding devices 23, 24, 25, 27, 29 of the user device 2 and the server 3 of distributed processing when they perform the functions of encoders (decoders). These functions are aimed at increasing the computational strength of the system. The guaranteed level of security of the processes of transmission and processing of information therefore depends on the chosen periodicity of these permutation and replacement functions. In normal operation, the procedure for modifying the tables of external (internal) keys using public keys is performed after transmission of N or more code blocks. In the mode of increased security level, the period of modification of the tables of the external (internal) key of the stochastic encoders (decoders) using the public key can be reduced, up to the transition to the mode of one-time tables of the external (internal) key. This mode, which has the maximum level of protection, is described below.

Thus the periodic modification of the tables of external (internal) secret keys using public keys is a system function, described above, aimed at ensuring a specified level of security of the information transmission process.

To protect the process of information exchange on the computer buses, the internal stochastic encoder 15 is used. In this case the block of registers 79-1, 79-2, ..., 79-n of the columns of the multi-level encoder is filled on the basis of the random information contained in the first part of the internal secret key table. The gamma forming circuit 84 uses the second part of the specified table.

Consider an example of the construction and operation of the stochastic encoder 15 with specific parameters: m=256 bytes, code block length N=64 bytes, number of columns n=m/2=128 bytes. It has a cyclic permutation register 81 of length m/2=128 bytes, the column connection circuit 80, a block of key-inverters 82-1, 82-2, ..., 82-n and the recurrent register 83, which is described by an irreducible polynomial of the form P(x) = x^127 + x + 1.

For the operation of the encoder, the input ASCII table of alphanumeric codes containing 256 rows is permuted in accordance with the row permutation in the external key table. This table is written into the input permutation register 78.

When the input table is formed, rows for two-byte numeric combinations (00-99) as well as for special control characters (text block, numeric block, external block, internal block, integer numeric block, fixed point, floating point and others) are entered in addition to the ASCII codes (rows 1-127).

When exchange is implemented in the closed mode, the data typed on the keyboard are encoded using the internal stochastic encoder 15 and converted into protected 64-byte blocks. In this case an individual code table containing 64 columns and 256 rows is formed for each block of information. The columns of the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder are selected using the recurrent register 83 and the cyclic permutation register 81, in which the next random permutation combination of length n bytes is recorded. In the recurrent register 83, by performing the next sequence of shifts starting from 000...1, a 127-byte combination containing N>64 ones is selected. The positions of the "1"s in the obtained combination of the recurrent register 83, taking into account the random cyclic permutation register 81, determine which of the columns of the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder are used to encode the next input data element. In this case, on the signal of control unit 87, the n-byte random combination recorded in each i-th column of the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder may be cyclically shifted by the random number of bytes recorded in the i-th cell of the cyclic permutation register 81. This is followed by encoding, by the substitution method in the multi-level encoder, of the information combination coming from the input permutation register 78. To encode each j-th symbol, recorded in the i-th row of the input permutation register 78, the random code in the i-th row of the corresponding column, cyclically shifted by a random number of bytes (0 to 256), is used. This column is one of the 64 columns selected by the combination of the recurrent register 83 and the cyclic permutation register 81. To encode the next block, successive shifts of the recurrent register 83 are again performed to obtain a new combination containing n>64 ones.
At the same time the random combination recorded in the cyclic permutation register 81 is cyclically shifted by one byte. After that, in accordance with the new combination in register 81, the combinations recorded in each i-th column of the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder are randomly cyclically shifted.

Since the polynomial P(x) = x^127 + x + 1 is irreducible, the corresponding recurrent register provides sequential generation of all (2^127 - 1) possible different combinations. Therefore a new multi-element code (one-time key) is used to encode each next block; it is defined by the next combination of the recurrent register 83 containing N>64 ones, by the contents of the cyclic permutation register 81 and by the random combination of the input permutation register 78.

If the next combination of the recurrent register 83 contains N<64 ones, on the signal of control unit 87 this combination is inverted in the block of key-inverters 82-1, 82-2, ..., 82-n, after which it contains N>64 ones. After transmission of N code blocks, on the signal of control unit 21 of protected processing, the system function described above of modifying the tables of the internal (external) key of the stochastic encoders (decoders) using the public key is implemented. In this case, on the command of control unit 87, the combinations recorded in the registers of the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder are cyclically shifted back to their original state.

Each encoded data element may contain either a word (text element) or a number with an indication of its form of representation (integer, fixed or floating point).

When text information is entered, each i-th symbol is encoded, after the initial permutation (in accordance with the external key table), using the i-th column of the block of registers 79-1, 79-2, ..., 79-n of the columns of the multi-level encoder. The row number j of this column is determined by the number j of the row corresponding to this symbol in the initial permutation table.

After a text element has been entered, a four-byte service combination containing the special characters mentioned above is generated automatically. This combination serves as the delimiter of the element.

If the length of the text combination is less than 60, the remaining positions are filled with encoded numeric values. They are formed by multi-level encoding of the numeric combination with number i, which is the first after the j-th symbol of the final text element when moving along the input permutation table.

When a numeric data element is entered, numeric combinations to the right and to the left of the decimal point (m=2 digits) are formed in the input permutation register 78. Then they are re-encoded by reference to the input table (rows 128-256) and converted using the block of registers 79-1, 79-2, ..., 79-n of the columns of the multi-level encoder. Each next combination j of the number is transformed by stochastic encoding using the j-th column. After the numeric combination, whose length should be no more than 60 bytes, the code block should contain the service combination. If the number is shorter than 60 bytes, the service combination (4 bytes) is included immediately after the number. Then the code of the letter with number i, which follows in the input permutation table immediately after the j-th, final m-byte numeric combination, is entered.

The resulting code blocks enter the modulo-2 adder 85 for combination with the gamma issued from the gamma forming circuit 84, and are then written into the output register 86 of the code block.

Gamma forming circuit (figure 10)

In the synthesis of the gamma forming circuit 84, the second part of the tables of the internal (external) key, of size (m*m/2), is used. It is used to fill the block of registers 88-1, 88-2, ..., 88-n of the columns of the gamma forming table (figure 10). For the above example, the gamma forming circuit (figure 10) contains a table with parameters m=256 bytes, n=m/2=128 bytes, a similar recurrent register 92, a block of key-inverters 91-1, 91-2, ..., 91-n, a cyclic permutation register 90 of length 128 bytes, the column connection circuit 89, the modulo-2 adder 94 of length 256 bytes and the register of the initial gamma of length 64 bytes.

As noted above, after the formation of each code block it is gamma-masked (XORed) by adding a 64-byte gamma in the mod-2 adder 85. This random sequence is generated in the gamma-forming circuit 84. Here the first running combination, obtained in the recurrent register 92 after the next (i-th) shift of the initial combination 000...01, selects, by means of the cyclic permutation register 90 and the column-connection circuit 89, the corresponding columns of the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n. Of the 128 columns, those are selected whose numbers correspond to a "1" in the i-th sequence. On a signal from control block 96 of the gamma-forming circuit, a cyclic shift by a random number of bytes may be applied to each random combination recorded in the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n. This procedure is performed as in the stochastic encoder 15: it uses the random permutation combination recorded in the cyclic permutation register 90 after the next cycle of modification of the internal (external) key table of the stochastic encoder. The number of ones in the selected sequence positions must be not less than a set value t (2 < t < N); this is ensured by the control unit 95 of the gamma-forming circuit. The selected columns, each of which is a random 256-byte combination, then pass through key 95 to the mod-2 adder 94, where they are summed modulo 2. The resulting random combination is written into the source gamma register 93 and then sent to block 96, the control block of the gamma-forming circuit. Here a further transformation of the source gamma takes place. This may be a permutation function using another random combination of length m. This combination is obtained from control block 87 and is used for the regular update of the external (internal) secret key table of the stochastic encoder 15. 
It is used to replace the contents of a specified number of columns of the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n, and to replace the contents of the cyclic register 90.

The second way of converting the source gamma combination is to apply encryption procedures using a software implementation of the standard DES (AES) cipher. The key for this encryption algorithm is a slice of the same random combination used for the modification of the external (internal) secret key table. In this transformation of the source gamma the combination is divided into four segments of 64 bytes, which are summed modulo 2. The result is a random combination written into the source gamma register 93. This combination can be applied directly to gamma-mask the next code block, or be used to form N different random sequences for gamma-masking the next N code blocks (N=64). In the first case the combination formed in the source gamma register 93 is fed, through the control block 96 of the gamma-forming circuit and key 95, to the mod-2 adder 82 of the stochastic encoder 15.
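The column-selection and folding steps described in the two paragraphs above can be modelled in a few functions. The following is an added illustration, not code from the patent: the recurrent register 92 is replaced by a plain Fibonacci LFSR with an assumed tap mask (EXAMPLE_POLY), the gamma-forming table is filled from a seeded pseudo-random generator instead of the secret key table, the lower bound t on selected columns is assumed to be 8, and the second transformation of register 93 is taken to be the four-segment mod-2 fold rather than the DES/AES variant. Everything else (column selection by the "1" positions of the register state, optional cyclic shift of columns, mod-2 summation of the selected columns, masking of a 64-byte code block) follows the description.

```python
import random
from typing import List, Optional

# Parameters named in the description (m=256, n=m/2=128, 64-byte source gamma).
N_COLS = 128        # n columns in the gamma-forming table (registers 88-1 ... 88-n)
COL_LEN = 256       # each column is a random 256-byte combination
GAMMA_LEN = 64      # length of the source gamma in register 93
MIN_SELECTED = 8    # t: assumed lower bound on selected columns (2 < t < N)
# Assumed feedback-tap mask for the LFSR standing in for recurrent register 92.
# Top and bottom taps are set so that a non-zero state never collapses to zero.
EXAMPLE_POLY = (1 << 127) | (1 << 126) | (1 << 121) | 1


def build_gamma_table(seed: int) -> List[bytes]:
    """Constructed stand-in for the second half of the key table: n random
    256-byte columns. The patent loads these from the secret key table."""
    rng = random.Random(seed)
    return [bytes(rng.randrange(256) for _ in range(COL_LEN)) for _ in range(N_COLS)]


def lfsr_step(state: int, poly: int, width: int = N_COLS) -> int:
    """One shift of a Fibonacci LFSR over GF(2); the shifted-in bit is the
    parity of the tapped state bits."""
    fb = bin(state & poly).count("1") & 1
    return ((state << 1) | fb) & ((1 << width) - 1)


def select_columns(state: int) -> List[int]:
    """Column numbers whose position holds a '1' in the register state
    (the job of cyclic register 90 and column-connection circuit 89)."""
    return [i for i in range(N_COLS) if (state >> i) & 1]


def rotate(col: bytes, k: int) -> bytes:
    """Optional cyclic shift of a column by k bytes (signal of block 96)."""
    k %= len(col)
    return col[k:] + col[:k]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def fold_to_64(acc: bytes) -> bytes:
    """Second transformation of the source gamma: split the 256-byte
    combination into four 64-byte segments and sum them modulo 2."""
    out = bytes(GAMMA_LEN)
    for s in range(0, COL_LEN, GAMMA_LEN):
        out = xor_bytes(out, acc[s:s + GAMMA_LEN])
    return out


def form_gamma(table: List[bytes], state: int, poly: int,
               shifts: Optional[List[int]] = None):
    """Return (gamma, new_state). Shifts the register until at least
    MIN_SELECTED columns are selected, XORs the chosen (optionally rotated)
    columns as in the mod-2 adder 94, and folds the result into 64 bytes."""
    while True:
        state = lfsr_step(state, poly)
        chosen = select_columns(state)
        if len(chosen) >= MIN_SELECTED:
            break
    acc = bytes(COL_LEN)
    for i in chosen:
        col = table[i] if shifts is None else rotate(table[i], shifts[i])
        acc = xor_bytes(acc, col)
    return fold_to_64(acc), state


def mask_block(block: bytes, gamma: bytes) -> bytes:
    """mod-2 adder 85: gamma-masking of a 64-byte code block (self-inverse)."""
    if len(block) != GAMMA_LEN or len(gamma) != GAMMA_LEN:
        raise ValueError("code block and gamma must both be 64 bytes")
    return xor_bytes(block, gamma)


if __name__ == "__main__":
    tbl = build_gamma_table(1)
    g, st = form_gamma(tbl, 1, EXAMPLE_POLY)          # initial combination 000...01
    block = bytes(range(64))                          # constructed code block
    assert mask_block(mask_block(block, g), g) == block
    print("selected columns:", select_columns(st), "gamma:", g.hex()[:32], "...")
```

Because the fold is linear over GF(2), the gamma for any register state is simply the XOR of the folded selected columns; this is why the description insists on a minimum number t of selected columns and on periodically replacing column contents, since a state that selected too few columns would expose individual table columns through the mask.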

Note that the gamma-forming scheme provides generation of (2^127 - 1) different values of the source random combination. Timely replacement of the contents of the gamma-forming table makes the period of this random number generator effectively unlimited. The contents of the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n are changed whenever the primary key tables of the computer system security are changed. This is done regularly by the centre 1 of certification, generation and distribution of keys, using public permutation keys. In addition, as shown above, partial replacement of the contents of the gamma-forming table columns 88-1, 88-2, ..., 88-n takes place in the course of information exchange between users A and B using public keys, through the implementation of the system function of external (internal) key table modification. At the same time the contents of the cyclic permutation register 90 are replaced.

In the second case, the formation of N gamma sequences for the code blocks is performed by encoding the obtained source gamma by the "spray and replace" method. For this the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n is used, which has n=128 columns of length 256 bytes. It is used to obtain each of the N=64 gamma units. In contrast to the formation of code blocks, which is done row by row using all N columns, the generation of the N=64 gamma units is done by encoding the source gamma column by column. For the formation of the j-th gamma the columns numbered j and (j+1) are used, forming a "spray and replace table". To obtain the gamma for the next block j (j=1, ..., N), each byte of the gamma U_j is looked up in the j-th column, where the identical combination U_{j,i} is found; then the code U_{j,i} is replaced by the code U_{j+1,i} (U_{j,i} -> U_{j+1,i}).

The encoding and replacement of the 64 bytes of the source gamma is carried out along the entire 256-byte length of the columns ("spraying" 64 bytes over 256 bytes, with subsequent replacement of the codes by those of the next column). Each of the obtained gammas numbered j=(1-64) is combined in the mod-2 adder 82 of the stochastic encoder 15 with the j-th block coming from the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder.
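The "spray and replace" derivation of the two paragraphs above, as an added example rather than the patent's own code. It assumes that each column of the gamma-forming table is a permutation of the 256 byte values (so every byte of the source gamma is found exactly once in a column), that the 64-byte source gamma is re-encoded independently through each column pair (j, j+1), and that the columns are filled from a seeded pseudo-random generator instead of the secret key table. The inverse function shows what the receiving decoder, which holds the same table, does to recover the source gamma.

```python
import random
from typing import List

N_GAMMAS = 64      # N: code blocks served by one source gamma
N_COLS = 128       # n: columns in the gamma-forming table (88-1 ... 88-n)
COL_LEN = 256      # each column is a 256-byte combination


def build_columns(seed: int, count: int = N_COLS) -> List[bytes]:
    """Constructed columns: each is a random permutation of the 256 byte
    values, so every byte of the source gamma occurs exactly once in it."""
    rng = random.Random(seed)
    cols = []
    for _ in range(count):
        perm = list(range(COL_LEN))
        rng.shuffle(perm)
        cols.append(bytes(perm))
    return cols


def spray_and_replace(gamma: bytes, col_j: bytes, col_next: bytes) -> bytes:
    """For each byte U_{j,i} of the gamma, find the identical combination in
    column j and emit the code at the same position in column j+1
    (U_{j,i} -> U_{j+1,i}). The 64 bytes are 'sprayed' over the 256-byte
    column and replaced from the neighbouring column."""
    pos = {b: i for i, b in enumerate(col_j)}     # inverse of column j
    return bytes(col_next[pos[b]] for b in gamma)


def derive_block_gammas(source: bytes, cols: List[bytes]) -> List[bytes]:
    """Gamma for block j (0-based here) is the source gamma passed through the
    'spray and replace' table formed by columns j and j+1 (assumed reading)."""
    return [spray_and_replace(source, cols[j], cols[j + 1]) for j in range(N_GAMMAS)]


def invert_spray(gamma_out: bytes, col_j: bytes, col_next: bytes) -> bytes:
    """Receiver-side inverse: look the byte up in column j+1 and emit the byte
    on the same row of column j. Swapping the column roles is enough."""
    return spray_and_replace(gamma_out, col_next, col_j)


if __name__ == "__main__":
    table = build_columns(7)
    source = bytes(range(64))                   # constructed 64-byte source gamma
    gammas = derive_block_gammas(source, table)
    assert all(invert_spray(g, table[j], table[j + 1]) == source
               for j, g in enumerate(gammas))
    print("gamma for block 1:", gammas[0].hex())
```

Each block gamma is the source gamma passed through a different byte substitution, so the N gammas are distinct for the same source but remain individually invertible by anyone holding the table; the secrecy rests entirely on the table contents and on the source gamma, which is why the description sends the recurrent register initial values only inside the encrypted service unit.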

Thus the stochastic encoder 15, using the gamma-forming circuit 84, provides stochastic encoding and gamma-masking of the sequence of transmitted blocks with a one-time key. At the beginning of the generated sequence the variable values of the polynomials and the initial recurrent combinations of registers 83, 92, 16 bytes each, are transmitted. Note that the variable polynomial values of the recurrent registers 83, 92 are formed in the protected processing control unit 21, 30.

These combinations are included in the service unit, which is transmitted in closed form at the beginning of the sequence of N information blocks. For encryption of the service block a secret permutation generated in the protected processing control unit (21, 30) is used. It is computed on the basis of the public key combination used for the regular update of the secret external (internal) key tables of the stochastic encoder 15.

After decryption the service unit is used to configure the registers of the stochastic decoder 14, which has an identical external (internal) key table and accordingly provides correct decoding of all N blocks received in the input register of the code block. The table of the input permutation used in the stochastic encoder is written into the output permutation register. The same functions of generation, encryption and decryption of the service unit also apply when the stochastic transcoding devices 23, 24, 27, 28 and 29 are used for transmitting and processing information. These functions are implemented in the protected processing control units 21, 30 of the user device 2 and the server 3 of distributed processing using the respective public keys.

Note that the one-time key in the stochastic encoder 15 may be implemented without using the gamma-masking function. In this case the conversion of information in the stochastic encoder 15 (stochastic decoder 14) is performed with the gamma-forming circuit 84 switched off by a signal of control block 87 (Fig.9). The symbols of the code block formed in the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder pass unchanged through the mod-2 adder 85 into the output register 86 of the code block.

The described gamma formation is also used in the stochastic transcoding devices 23, 24 of the user device 2 and the stochastic transcoding devices 25, 27, 29 of the server 3 of distributed processing.

Thus, to protect information transmitted over the computer network between the user device 2 (user A) and the server 3 of distributed processing (user B), as well as on the host itself, the "one-time key" exchange mode is implemented, according to which each code block of the transmitted sequence is encoded with its own key. Each key is unique for the set of transmitted blocks. At the same time, to provide the required level of security when transmitting information, the above stochastic encoders (decoders) 14, 15 and the stochastic transcoding devices (23, 24, 25, 27, 29) implement the above system function of external (internal) key table modification.

In implementing this function during transmission, the period of modification of the key tables may be reduced down to the transition to the mode of one-time external (internal) key tables. This mode, which has the maximum level of protection, involves transferring a new public key after each code block. On this key, in the stochastic encoder (decoder), according to the algorithm described above, a new random combination is recorded in the cyclic permutation registers 81, 90 and in the input (output) permutation register 78, and one of the columns of the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n is replaced. It is this random combination, arriving at the input of the control unit 95 together with the other t randomly selected combinations of the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n, that is used in forming the gamma for the next code block. Thus, in this mode, as in the classical one-time key scheme, a disposable random combination of length N is used to encrypt each block of length N, and each successive block is encoded by a randomly generated one-time multi-element encoder.

Stochastic transcoding device (figures 11A, 11B)

For the creation of a single protected contour of data transmission and processing, the stochastic transcoding devices (23, 24 in figure 3; 27, 28, 29 in figure 4) included in the user device 2 and the server 3 of distributed processing are important. They implement additional encryption of protected information for its adaptation to transmission in the environment of the computer or computer system, and also for various kinds of processing by stochastic transformation without disclosure of the data.

These devices have a common structure (figures 11A, 11B) but, according to their functional purpose, are divided into three types: "internal code - external code", "external code - internal code" and "internal code 1 - internal code 2". The basis of these devices is the first and second stages of stochastic transformation, 98 and 101, which have identical structure and practically coincide with the structure of the stochastic encoder 15. Note that the first stage 98 of stochastic transformation can, if necessary, perform the functions of the stochastic decoder, and the second stage 101 can be used in the stochastic encoder mode.

The stochastic transcoding device of the "internal code - external code" type provides the ability to transmit information encoded with the internal code over the computer system after a secret connection has been established between the user device 2 and the server 3 of distributed data processing. The transmitted information is re-encoded without disclosing its contents. To perform this function the first stage 98 of stochastic transformation is configured, using the service combination containing the polynomial and the value of the recurrent register together with the public key, for processing the first of the N code blocks received over the computer buses from the internal encoder. The block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder and the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n of the first stage 98 are filled on the basis of the internal key table, exactly as in the internal stochastic encoder 15. Into the cyclic permutation register 81, the permutation register 99 and the gamma-forming circuit 84 a random combination is written, calculated in the manner described above in the protected processing control unit 30. The second stage 101 of stochastic transformation is configured using the external key table, as in the external stochastic encoder 74, to provide symmetric closed communication with the server 3 of distributed processing. To connect and harmonise the first stage 98 with the second stage 101, the protected processing control unit 21 of the user device 2 generates a relative permutation, which is written through control block 87 into the permutation register 100. The second stage 101, performing the encoder functions in the order described above, enters the symmetric closed transmission mode with the first stage 98 of the stochastic transcoding device 25 of the server 3 of distributed processing. 
This ensures the implementation of the system function of external key table modification using the periodically transmitted public key in the stochastic transcoding devices 24, 25.

Each code block of the input register, starting from the first, is converted character by character. For this, in the first stage 98 and in the second stage 101 of stochastic transformation, on a signal from control block 87, those column registers of the blocks 79-1, 79-2, ..., 79-n are switched on that were used to encode the first character of the code block. Then for each code block the corresponding random sequence is generated in the gamma-forming circuit 84, and its first symbol, used for gamma-masking the first character of the given code block, is selected. This symbol is summed modulo 2 with each character of the column register of the block 79-1, 79-2, ..., 79-n of the multi-level encoder of the first stage 98 that was used to encode the first character of the code block in the internal stochastic encoder 15. The same addition is performed with the first symbol of the gamma and the characters of the column register of the block 79-1, 79-2, ..., 79-n of the multi-level encoder of the second stage 101 that is switched on for encoding the first character of the code block of the external code. After this, the first stage 98 compares the first character of the received code block of the internal code with each of the characters of the switched-on column register of the block 79-1, 79-2, ..., 79-n of the multi-level encoder. When one of the compared values coincides with the first character of the code block, this symbol is identified (the row of the column register whose code is identical to the first symbol of the code block is determined). In this case control block 87, through key 108 and the permutation registers 99, 100, enables the transfer of this symbol over the corresponding bus to the column register for the first character of the external code in the block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder of the second stage 101. 
The result is the replacement of the first character of the code block of the internal code (without removing the gamma and decoding) by the first gamma-masked symbol of the external code. The same transcoding procedure is then performed with each subsequent symbol of the code block of the internal code until a code block of the external code containing the same information in closed form is formed. As follows from the description of this procedure, the conversion is made without disclosure of the protected information. The re-encoded code block is written, on a signal from control block 87 through key 108, into the output register 102 of the code block of the second stage 101. The result is the replacement of the symbols of the first code block. After this, control blocks 87 make the necessary change of combinations in the recurrent registers 83 and the cyclic permutation registers 81, thus preparing the first and second stages 98, 101 of stochastic transformation for converting the next code block. Then the next code block is recoded and written into the output register 102 of the code block. After the entire sequence of N code blocks of the external code has been written into the output register 102, with the service unit containing the initial combination and the polynomials of the recurrent registers 83, 92 recorded at its beginning, the protected sequence of code blocks is transmitted over the computer system to the server 3 of distributed processing.

As noted above, if necessary the second stage 101 of stochastic transformation may perform the functions of the stochastic encoder. In this case control block 87 disables the first stage 98 of stochastic transformation, the input permutation table is written into the permutation register 100 of the second stage 101, and all elements of the second stage 101 are switched to the stochastic encoder mode of operation. Thus the sending user device 2 implements a stochastic transcoding device of the type "internal code - external code".

On reception the server 3 of distributed processing uses the second type of stochastic transcoding device: "external code - internal code". This stochastic transcoding device 28, by the procedure described above, converts code blocks of the external code into code blocks of the internal code without disclosing the content of the information. To perform this function the first stage 98 of stochastic transformation is configured, using the service combination containing the polynomial and the values of the recurrent registers 83, 90, for processing the first of the N code blocks received in the transceiver unit 31 of the server 3 of distributed processing. The block of column registers 79-1, 79-2, ..., 79-n of the multi-level encoder and the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n of the first stage 98 are filled on the basis of the external key table. The second stage 101 is configured using the internal key table, as in the internal stochastic encoder 15, to ensure symmetric closed transmission of information in the environment of the server 3 of distributed processing. To connect and harmonise the first stage 98 with the second stage 101, the protected processing control unit 21 of the user device 2 generates the corresponding relative permutation, which is written through control block 87 into the permutation register 99. After this each successive received code block is recoded, beginning with the first character, in the order described above. The translated code blocks are entered through the protected processing control unit 30 into the memory of the protected information and logical computing system 35 of the server 3 of distributed processing.

While user A (user device 2) is sending messages, random combinations obtained from the random number sensor 53 through the combination selection circuit 54 of the subsystem 25 for forming secret key tables (figure 6), using the public key computed in the protected processing control unit 21, can perform the above-described implementation of the system function of external key table modification. This provides periodic replacement of the contents of the cyclic permutation registers 81, 90 and the permutation registers 100, 99 of the stochastic transcoding devices 24, 25, and replacement of a given number of combinations in the block of column registers 79-1, 79-2, ..., 79-n and the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n of the gamma-forming circuit 84. The public key is formed by the above procedure from the previous combinations recorded in the cyclic permutation registers 81, 90 and the newly obtained combination of the random number sensor 53. The algorithm used to compute the public key is the logical inference on transitive dependencies of the permutation tables implemented in the subsystem 8 for forming public keys (Fig.7). In the protected processing control unit 30 of user B, on the basis of the received public key, using logical inference and the previous tables of the cyclic permutation register 81, the new secret permutation is computed. This is followed by simultaneous transition to the new random combination of the cyclic permutation registers 81, 90 and the permutation registers 100, 99 of the stochastic transcoding device 24 of user A and the stochastic transcoding device 25 of user B.

In a similar way, as shown above, partial replacement of the columns of the external key table of the stochastic transcoding device 24 of user A and the stochastic transcoding device 28 of user B (server 3 of distributed processing) can be performed. This provides simultaneous replacement of the contents of the column registers of the block 79-1, 79-2, ..., 79-n of the multi-level encoder and the block of gamma-forming table column registers 88-1, 88-2, ..., 88-n, respectively, of the second stage 101 of stochastic transformation of the user device 2 and of the first stage 98 of stochastic transformation of the server 3 of distributed processing.

After character-by-character conversion of the received sequence of N code blocks in the stochastic transcoding device of the server 3 of distributed data processing, the received message, protected by the internal code, is recorded by the protected processing control unit 30 in the memory of the protected information and logical computing system 35 of the server 3 of distributed processing.

Thus, to protect the information transmitted in the computer environment, as well as over the external closed channel, the "one-time key" concept is implemented, according to which each code block of the sequence in the stochastic transcoding device is encoded with its own key. This key is unique for the set of N transmitted blocks, and the tables of secret keys and permutations are periodically modified using the public key in the implementation of the system functions, which increases the level of information security.

After completion of the closed communication session between users A and B, the symmetric external key table (with the permission of the centre 1 of certification, generation and distribution of keys) can be used as the basis for forming a new external key table when the next closed symmetric session is organised. To obtain the new symmetric external key table, a permutation of the rows and columns of the previous external key table is performed by users A and B. The above algorithm for computing the public key in the protected processing control units 21, 30 and the external key table modification algorithm of the subsystems 13, 25 for forming secret key tables of the user device 2 and the server 3 of distributed processing are applied.

The encryption of the protected table 37 of e-mail addresses, the protected data table 39 and the protected Web pages 38 is performed using the internal stochastic transcoding device 29, which belongs to the third type, "internal stochastic code 1 - internal stochastic code 2". This device is connected to the protected processing control unit 30 and the protected information and logical computing system 35. It is used in the mode of the internal stochastic encoder.

In the encryption of the protected table 37 of e-mail addresses, the elements of each row of the table are treated as a sequence of N code blocks. As a result, after encryption, which is provided by the protected processing control unit 30 and the protected information and logical computing system 35, each row contains (N+1) fields. The first field is a service field that includes the encrypted initial combinations and polynomials of the recurrent registers 83, 92 that were used when encoding the given row. In addition, a separate table of public keys is formed: random combinations of length n bytes each. These combinations were used to modify the internal key table for encoding each row of the protected address table 37. They are also used to encrypt the above combinations of the service field. The number of each combination in the public key table corresponds to the number of the row of the protected address table 37 for whose encoding it was used.

The protected data table 39 has the same structure.

When encrypting the protected Web pages 38, each of them is transformed into a set of sequences of N code blocks. At the beginning of each sequence of N code blocks the corresponding public key is recorded that was used to modify the internal key table for encoding that sequence of code blocks. At the beginning of the encrypted Web page an encrypted service unit with the initial combination and the polynomial of the recurrent register is written. Interpretation of the service units (service fields of the tables) is performed using the corresponding public key in the protected processing control unit 30 prior to carrying out the specified functions of processing the protected information.

If the protected processing control unit 30 determines that the received encrypted message is an electronic mail message, only the encoded address of the message is processed. The purpose of the processing is to determine the address of the server 3 of distributed processing to which the encrypted e-mail message is to be sent. To do this, the appropriate row must be found in the protected table 37 of e-mail addresses. It should contain the encoded address of the user device 2 and the address of the recipient's server 3 of distributed processing to which the message is to be sent. This procedure is performed by means of the internal stochastic transcoding device 29, connected to the protected processing control unit 30 and the protected information and logical computing system 35. As a result, the address of the message recipient is re-encoded, without disclosing its content, into the code with which the recipient address of the first row of the table is protected. After that the obtained code and the encoded address of the first row of the table are read into the protected information and logical computing system 35 for comparison. If the compared values coincide, the field containing the address code of the server 3 of distributed processing to which the received encrypted message is to be transferred is read from the table. Then the encrypted e-mail message is passed from the protected information and logical computing system 35 to the protected processing control unit 30 and then to the stochastic transcoding device 28 of the transceiver block 26 of stochastic conversion for transmission in closed form to the selected server 3 of distributed processing.

If the compared encoded address values do not match, the internal stochastic transcoding device 29 translates the address code of the message into the code in which the address of the second row of the protected e-mail table 37 is encoded, to search for the address in protected form, and so on. The search process continues until the desired address to send the message to is found.
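The character-by-character transcoding of the "internal code - external code" device (stages 98 and 101, described earlier) and the protected address-table search of the last three paragraphs rest on the same operation: a symbol is located in a gamma-masked column register and replaced by the cell on the corresponding row of another masked register, so the plaintext symbol itself is never produced. The following added example, which is not the patent's code, models that operation in Python under assumed simplifications: a key consists of an input permutation (symbol to row, standing in for register 78), one column permutation per symbol position (79-1 ... 79-n) and a fixed gamma; the "relative permutation" written to registers 99/100 is computed from the two keys' input permutations; and a table row is represented as (encoded address, row key, encoded server field). Register numerals in the comments refer to the description above, not to anything the code reproduces exactly.

```python
import random
from typing import List, Optional, Tuple

ALPHABET = 256


def random_perm(rng: random.Random) -> List[int]:
    """Random permutation of the byte values: constructed stand-in for a
    secret-key column register (79-j) or the input permutation table (78)."""
    p = list(range(ALPHABET))
    rng.shuffle(p)
    return p


class StochasticKey:
    """Assumed per-sequence key: an input permutation (symbol -> row), one
    column permutation per symbol position, and the gamma used for masking."""

    def __init__(self, seed: int, block_len: int):
        rng = random.Random(seed)
        self.perm = random_perm(rng)
        self.columns = [random_perm(rng) for _ in range(block_len)]
        self.gamma = bytes(rng.randrange(ALPHABET) for _ in range(block_len))

    def encode(self, data: bytes) -> bytes:
        """Symbol x at position j -> columns[j][perm[x]] XOR gamma[j]."""
        return bytes(self.columns[j][self.perm[x]] ^ self.gamma[j]
                     for j, x in enumerate(data))

    def decode(self, code: bytes) -> bytes:
        """Stochastic decoder: strip the gamma, find the row, undo the permutation."""
        inv_perm = {row: x for x, row in enumerate(self.perm)}
        return bytes(inv_perm[self.columns[j].index(c ^ self.gamma[j])]
                     for j, c in enumerate(code))


def relative_permutation(src: StochasticKey, dst: StochasticKey) -> List[int]:
    """Row in the source registers -> row in the destination registers for the
    same symbol. Computed once by the control unit and written to permutation
    registers 99/100; the transcoder itself never handles the symbol."""
    inv_src = {row: x for x, row in enumerate(src.perm)}
    return [dst.perm[inv_src[row]] for row in range(ALPHABET)]


def transcode(code: bytes, src: StochasticKey, dst: StochasticKey) -> bytes:
    """Stage 98 -> stage 101 re-encoding without decoding: the gamma byte is
    XORed into every cell of both column registers, the received symbol is
    compared with the masked source register to find its row, and the masked
    destination cell on the corresponding row is emitted."""
    rel = relative_permutation(src, dst)
    out = bytearray()
    for j, c in enumerate(code):
        masked_src = [v ^ src.gamma[j] for v in src.columns[j]]
        masked_dst = [v ^ dst.gamma[j] for v in dst.columns[j]]
        row = masked_src.index(c)            # compare with each register cell
        out.append(masked_dst[rel[row]])
    return bytes(out)


# One row of the protected address table: (encoded address, row key, encoded server field).
Row = Tuple[bytes, StochasticKey, bytes]


def find_encrypted_row(query_code: bytes, query_key: StochasticKey,
                       table: List[Row]) -> Optional[bytes]:
    """Protected address table lookup: the query code is re-encoded into the
    code of each row in turn and compared with the row's address field; on a
    match the row's server field is returned, still in encoded form."""
    for encoded_addr, row_key, server_field in table:
        if transcode(query_code, query_key, row_key) == encoded_addr:
            return server_field
    return None


if __name__ == "__main__":
    inner, outer = StochasticKey(1, 8), StochasticKey(2, 8)
    msg = b"user@abc"                                   # constructed 8-byte block
    assert transcode(inner.encode(msg), inner, outer) == outer.encode(msg)
    rows = []
    for i, (addr, srv) in enumerate([(b"alice@ex", b"srv-0001"), (b"bob@exam", b"srv-0002")]):
        k = StochasticKey(100 + i, 8)
        rows.append((k.encode(addr), k, k.encode(srv)))
    q = StochasticKey(9, 8)
    hit = find_encrypted_row(q.encode(b"bob@exam"), q, rows)
    print("server field code:", hit.hex(), "->", rows[1][1].decode(hit))
```

Two properties worth checking against the description: the transcoder output equals what the destination key would have produced from the plaintext directly, and the search compares only codes, so the address-table host sees neither the query address nor the stored addresses in the clear. The cost is that every row needs its own transcoding pass, which is exactly the sequential "first row, second row, and so on" search the text describes.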

If the protected processing control unit 30 determines from the message format that the type of processing of the received encoded information is arithmetic calculation, the encrypted operands and the codes of the arithmetic operations enter the protected information and logical computing system 35. In this case, on a signal from the protected processing control unit 30, the first stage 98 of stochastic transformation of the stochastic transcoding device 29 is configured to the internal code with which the received message is protected. Simultaneously the second stage 101 of stochastic transformation, in cooperation with the protected information and logical computing system 35, is matched to the code table of the protected arithmetic processor 34. To do this, instead of one of the numeric codes, the contents of one of the column registers of the block 79-1, 79-2, ..., 79-n of the multi-level encoder of the second stage 101 are written into the input column of the code table of the arithmetic processor 34. The second, output column of the code table of the protected arithmetic processor 34 contains the stochastic indexes of the numeric data used in the calculation, which runs in protected mode. In the process of recoding the sequence of code blocks of the received message in the second stage 101, only one selected register is switched on at any time by a signal from control block 87. Thus the resulting closed numeric information will be encoded in the input code of the protected arithmetic processor 34, and the commands of the protected information and logical computing system 35 will be issued through the code table to the protected arithmetic processor 34 to perform the predefined calculations. The resulting calculation data are transmitted in protected form through the output code table for recoding the stochastic indexes of the protected arithmetic processor 34 into the internal stochastic code. 
To do this, in the output column of the inverse code table, whose input column contains the indexes of the numeric data, the contents of one of the column registers of the multi-level encoder of the stochastic code indexing block are written on a signal from the protected processing control unit 30. In the process of recoding the sequence of code blocks of the result, obtained in the first stage 98 of stochastic transformation, only one selected register is switched on at any time by a signal from control block 87. Thus the resulting closed numeric information is recoded into the internal stochastic code and, on commands from the protected processing control unit 30, is issued to the stochastic transcoding device 27, which is of the type "internal code - external code", for protected transmission to the user device 2.

If the protected processing control unit 30 determines from the message format that the type of processing of the received encoded information is search and selection, on request, of the required information from the protected data table 39, the protected information and logical computing system 35 is connected. It receives the encrypted information, which may include: names of tables, records or fields; numeric parameters (which the selected data must match); and codes of arithmetic operations (to be performed on the selected numeric fields).

When the request is processed in the protected information and logical computing system 35, the sequence of code blocks containing the encrypted names of the tables is read from the protected database 36; at its beginning is the encrypted combination of the polynomials of the recurrent register of the internal code, followed by the corresponding public keys. After that, by applying the above procedures for encoding and comparing information in protected form, the code tables required to process the request received from the user device 2 are selected from the encrypted sequence. Each code of a table name in the request is in turn re-encoded, using the appropriate combinations of the recurrent registers in the first 98 and second 101 stages of stochastic transformation, into the internal code of the protected database 36 in which each of the names of the protected data tables 39 is encrypted. When the compared values coincide, the protected data table 39 with that code is read from the protected database 36 into the protected information and logical computing system 35 for further processing.

The process takes into account that each record (row) of the protected data table 39 contains a sequence of code blocks. Each code block corresponds to a specific field, whose code is contained in the table header. The service field holds the combination of the recurrent register for the table header and for each record. In the stochastic transcoding device 29, using the appropriate combinations of the recurrent registers, the field codes specified in the request are translated into the internal code in which the field codes of the table header are encrypted, and compared with them. When the compared values coincide, the code blocks of the fields specified in the query are selected from the table records.

If certain data or numeric data fields are to be selected in encrypted form from the table in accordance with the codes of the query, the query codes are recoded into the internal code of each record in order to select the required protected data by comparing them with the query codes. This is implemented by the above procedure using the combinations of the recurrent registers in the record headers. If the comparison of numeric parameters involves the arithmetic operators "greater than" or "less than", which are implemented by subtracting the protected numbers, and arithmetic calculations are to be performed on the selected fields in encrypted form, the protected arithmetic processor 34 is connected to the process. The calculations with the protected information are implemented by the above procedure. After the request has been processed, the encoded data selected from the protected table 39 and the obtained calculation results are transferred to the stochastic transcoding device 29 in the internal code of the server 3 of distributed processing and, by the procedure described above, are transmitted to the user device 2.

If the protected processing control unit 30 determines from the message format that the type of processing of the received encoded information is search and selection of protected Web pages 38 by query condition, it connects the protected information-logical computing system 35. This approach implements two levels of search: the first over the headers of the protected Web pages 38, the second over their content. Accordingly, when a protected Web page 38 is coded, two internal stochastic codes are used: the first for encoding the header, the second for protecting the content of the page itself. At the beginning of each code sequence is a service block with the recurrent-register combination. The received protected message with the query carries a set of keyword codes that must be contained in the requested document.

In the first-level search the keyword codes enter the stochastic transcoding device 29 and are translated into the internal code of the header of the next protected Web page 38. The code of each keyword is in turn compared with each code block of the header. If the compared codes do not match, the keyword is reduced to its stem by dropping code characters from its end and the resulting codes are compared again. If the compared values coincide, the presence of this keyword in the header is recorded. If the keyword codes do not match the header codes, the process proceeds to the next Web page, and so on. The encoded headers of the protected Web pages 38 selected by the search are converted into the external code in the stochastic re-encoding device 27 of the distributed processing server 3 and transmitted over the computer network to the user device 2. There the received code blocks are re-encoded into the internal code, transferred over the computer's buses to the internal stochastic decoder 14 and output in plain form on the monitor screen. When choosing a particular Web page, the user enters a request to receive it from the distributed data processing server 3. After the stochastic encoding and transcoding functions described above have been performed in the user device 2, the request is transmitted in protected form over the computer network. The request arrives at the distributed processing server 3, where it is converted, the required protected Web pages 38 are selected and transmitted to the user device 2.

If the first-level search for the desired Web page produces no results, then at the user's request the keywords can be searched for in the text of those protected Web pages 38 whose headers contain at least one keyword of the query. The keyword re-encoding procedure described above is used, comparing the keyword codes with the codes of the words of the text and the codes of the stem words. If a certain number of matches is found between each keyword of the query and the codes of the text, the protected Web page 38 is deemed to answer the query and is transmitted in encrypted form, using the transcoding functions, to the user device 2.
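The two-level keyword search of the two preceding paragraphs, as an added model written for this edition rather than the patent's own mechanism. The model assumes character-by-character keyed encoding in which the code of the i-th character depends on the key and on the position i, so that the code of a stem is a prefix of the code of the full word; that is what lets the search "drop code characters from the end" of a keyword and compare again without decrypting. HMAC-SHA256 stands in for the stochastic encoding, a shortest stem length of 4, the rule that a first-level hit needs every keyword in the header, and the page titles and texts are all constructed for the example.

```python
import hashlib
import hmac

MIN_STEM = 4  # assumed: shortest stem still tried; the page gives no value


def encode_word(key: bytes, word: str) -> tuple:
    """Position-dependent keyed code for each character of a word. Returned as a
    tuple so that a stem comparison is a plain tuple-prefix comparison."""
    return tuple(
        hmac.new(key, f"{i}:{ch}".encode("utf-8"), hashlib.sha256).hexdigest()[:8]
        for i, ch in enumerate(word.lower())
    )


def protect_page(header_key: bytes, content_key: bytes, title: str, text: str) -> dict:
    """Two internal codes per page: one for the header, one for the content."""
    return {
        "header": [encode_word(header_key, w) for w in title.split()],
        "content": [encode_word(content_key, w) for w in text.split()],
    }


def word_matches(keyword_code: tuple, stored_code: tuple) -> bool:
    """Exact comparison first; on mismatch, drop code characters from the end of
    the keyword code down to MIN_STEM and compare the stem against the stored
    word's prefix of the same length."""
    if stored_code == keyword_code:
        return True
    for n in range(len(keyword_code) - 1, min(len(keyword_code), MIN_STEM) - 1, -1):
        if stored_code[:n] == keyword_code[:n]:
            return True
    return False


def keyword_hits(keyword_code: tuple, stored_codes) -> int:
    """Number of stored word codes that match the keyword (exactly or by stem)."""
    return sum(1 for code in stored_codes if word_matches(keyword_code, code))


def search(pages, header_key: bytes, content_key: bytes, keywords, min_content_hits=1):
    """Level 1: all keywords must be found in a page's header.
    Level 2 (only when level 1 selects nothing): among pages whose header holds
    at least one keyword, accept those whose content gives at least
    min_content_hits matches for every keyword. Returns (level, page indexes)."""
    header_codes = [encode_word(header_key, k) for k in keywords]
    level1 = [i for i, p in enumerate(pages)
              if all(keyword_hits(c, p["header"]) for c in header_codes)]
    if level1:
        return 1, level1
    content_codes = [encode_word(content_key, k) for k in keywords]
    level2 = []
    for i, p in enumerate(pages):
        if not any(keyword_hits(c, p["header"]) for c in header_codes):
            continue
        if all(keyword_hits(c, p["content"]) >= min_content_hits for c in content_codes):
            level2.append(i)
    return 2, level2


# Constructed sample pages and keys (not from the page).
HEADER_KEY = b"constructed-header-code-key"
CONTENT_KEY = b"constructed-content-code-key"
PAGES = [
    protect_page(HEADER_KEY, CONTENT_KEY, "Quarterly audit report",
                 "The audit covered payment systems and the auditors found no issues"),
    protect_page(HEADER_KEY, CONTENT_KEY, "Payment gateway manual",
                 "Configure the gateway keys before auditing any payment flow"),
    protect_page(HEADER_KEY, CONTENT_KEY, "Cafeteria menu", "Soup and bread"),
]

if __name__ == "__main__":
    print(search(PAGES, HEADER_KEY, CONTENT_KEY, ["audit", "report"]))
    print(search(PAGES, HEADER_KEY, CONTENT_KEY, ["auditing", "payment"]))
    print(search(PAGES, HEADER_KEY, CONTENT_KEY, ["soup"]))
```

The stem fallback is what makes "auditing" find a header containing "audit" and a text containing "auditors". The same property is the model's main leak: because a stem's code is a prefix of the full word's code, whoever can see the stored codes can group words by common prefix without any key, so the position-dependent character coding protects word identity but not word similarity.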

Industrial applicability

The claimed method and system may find wide application in computer systems that use distributed processing of confidential information, including modern banking and payment systems, e-mail with information protection, corporate networks and other systems of this type.

1. A method of integrated protection of distributed data processing in computer systems, in which each user device and each distributed data processing server obtain access to the computer system and form a system of internal and external keys from the secret key tables obtained from the center of certification, key generation and key distribution; on the basis of the secret key tables, secret internal one-time keys for symmetric encryption are built in the user device and in the distributed processing server for the transmission of information within the environment of the user device and of the data server and for the storage and processing of information in encrypted form; information entered and transmitted within the environment of the user device and of the distributed processing server is encrypted by stochastic encoding using the obtained secret internal symmetric one-time keys; the user device sends to the center of certification, key generation and distribution a request to establish a connection with a pre-selected distributed data processing server in order to perform the processing functions; public keys for modifying the secret key tables are obtained from the center of certification, key generation and distribution, or are formed in the user device and the distributed processing server, for the stochastic encoding of information transmitted from the user device to said distributed processing server, for the processing of information in converted form and for the return of the results of distributed processing from said server to the user device; on the basis of the received public key and the secret key tables, secret one-time external keys for symmetric encryption are generated in the user device and in the distributed processing server, and the secret key tables are modified during the transmission of information and its processing in encrypted form; the transmitted information is encrypted by stochastic encoding in the user device using the obtained secret symmetric external one-time keys; the information encrypted by stochastic encoding is transmitted to the distributed processing server; the distributed processing server receives the information stochastically encoded with the secret symmetric external one-time keys and processes it in encrypted form, after additional encryption with the secret symmetric internal one-time keys, according to the type of processing determined by the format of the data; the encrypted information obtained as the result of processing in the distributed processing server is stochastically encoded using the secret symmetric external one-time keys; the stochastically encoded encrypted information is transmitted to the user device, which receives it and decodes it for delivery to the user in plain text.

2. The method according to claim 1, characterized in that access to the computer system and formation of the system of internal and external keys are performed by inserting into the user device a data carrier bearing a record of the PIN, the password, a hash of the password, the primary key table and the secret permutations of columns and rows, from which the secret base key table and the secret external key table are obtained.

3. The method according to claim 1 or 2, characterized in that the key system is formed as a set of secret base key and external key tables generated by secret permutations of the columns and rows of the primary key table obtained from the center of certification, key generation and distribution.

4. The method according to any one of claims 1 to 3, characterized in that the tables of secret symmetric internal one-time keys, used separately within the environment of the user device and of the distributed processing server for transmitting information and for encrypting the data to be processed, including database tables, Web pages and the e-mail server table, are formed by permuting the columns and rows of the base key table using the secret permutations.

5. The method according to any one of claims 1 to 4, characterized in that the public keys, in the form of relative permutation tables, are formed in the center of certification, key generation and distribution, in the user device or in the distributed processing server by inference over the set of secret permutation tables using the transitivity between row positions, separately for the user device and for the distributed processing server, so as to bring their secret external key tables into a symmetric state and to modify the secret key tables.

6. The method according to claim 3 or 4, characterized in that the conversion of the secret external key tables of the user device and the distributed processing server into a symmetric state, and the modification of the secret key tables for distributed processing of encrypted data, are carried out by applying permutations and substitutions of columns and rows to the secret key tables of the user device and the distributed processing server using the public key.

7. The method according to any one of claims 1 to 5, characterized in that one-time keys are generated by stochastically changing, in a random manner, elements of the symmetric external or internal key tables for each transmitted block of information during encryption by stochastic encoding.

8. The method according to any one of claims 1 to 5, characterized in that during the encryption and transmission of the encrypted information the symmetric external and internal key tables in the user device and the distributed processing server are periodically modified using a public key generated and transmitted to the user device and the distributed processing server.

9. The method according to claim 1, characterized in that the processing of encrypted data by executing programs in protected, stochastically transformed form is performed in the protected information-logical computing device using the protected arithmetic processor, whose interface is matched on the information bus with the secret internal key table and which receives commands over the control bus from the protected information-logical computing device.

10. The method according to claim 9, characterized in that, before or after the stochastic transformation of each newly introduced program, anti-virus protection is implemented in the protected information-logical computing system by detecting, through logical inference over the set of program command codes, viral functions in the form of chains of logically related command codes, and by destroying the detected viral functions so as to ensure the integrity of the converted program.

11. The method according to claim 1, characterized in that when the type of processing is determined from the format of the received information to be arithmetic calculations, the encrypted operands and the codes of the arithmetic operations are extracted from the received data and passed to the protected arithmetic processor, which performs the required calculations in encrypted form.

12. The method according to claim 1, characterized in that when the type of processing is determined from the format of the received data to be search and selection of the required information from the encrypted database tables according to the query condition, the encrypted data of the query condition are extracted from the received information and, after encryption, the data fields of the encrypted tables required for the selection are identified by comparison.

13. The method according to claim 11 or 12, characterized in that the checks of the data selected from the encrypted tables against the required encrypted numeric parameters, and the arithmetic calculations on the selected encrypted fields, are performed in the protected arithmetic processor.

14. The method according to claim 1, characterized in that when the type of processing is determined from the format of the received data to be search and selection of encrypted Web pages, the keywords of the encrypted request are additionally encrypted and the presence of the same keywords in each of the encrypted Web pages of the distributed processing server is determined by comparison.

15. The method according to claim 1, characterized in that when the type of processing is determined from the format of the received data to be transfer of electronic mail messages, the received encrypted message is additionally encrypted, the encrypted address of the recipient is compared with the mail addresses of the servers of the system, and the server containing the recipient's mailbox is identified and the encrypted information is transmitted to it.

16. The method according to claim 1, characterized in that a hash of the transmitted information is formed, a digital signature of the sender is obtained and transmitted, and sender authentication and integrity control of the received information are provided, this hash of the transmitted information, in the form of a random combination of given length, being formed by adding the stochastically coded blocks in the protected arithmetic processor of the user device and of the distributed processing server.

17. The method according to claim 16, characterized in that the digital signature is obtained by generating the sender's secret private key in the form of a random permutation of the rows of the secret external key table and computing the public key, which is passed to the center of certification, key generation and distribution to register the private key.

18. The method according to claim 16 or 17, characterized in that the authentication of the sender and the integrity of the received information are verified using the hash and the digital signature, the secret private key being used to encrypt the hash of the transmitted information and the public key being used to decrypt the received hash value for comparison with the value generated in the distributed processing server.

19. A system of integrated protection of distributed data processing in computer systems, containing a center of certification, key generation and key distribution (1), at least one user device (2) and at least one distributed data processing server (3), wherein the center of certification, key generation and distribution (1) contains a user certification subsystem (4), a subsystem for forming secret key tables (5), a protected information-logical computing system (6), a subsystem for forming data carriers for certified users (7), a subsystem for forming public keys (8), a subsystem for authentication and integrity of information (9), a protected arithmetic processor (10), a key distribution subsystem (11) and a protected processing control unit (12); each user device (2) contains a subsystem for forming secret key tables (13), an internal stochastic decoder (14), an internal stochastic encoder (15), a protected access subsystem (16), a protected arithmetic processor (19), a protected information-logical computing system (20), a protected processing control unit (21) and a transceiver unit of stochastic transformation (22); the distributed data processing server (3) contains a subsystem for forming secret key tables (25), a transceiver unit of stochastic transformation (26), an internal stochastic re-encoding device (29), a protected processing control unit (30), a protected access subsystem (31), a protected arithmetic processor (34), a protected information-logical computing system (35) and a protected database (36); in the center of certification, key generation and distribution (1) the protected information-logical computing system (6) is connected to the user certification subsystem (4), to the subsystem for forming secret key tables (5), which is connected to the user certification subsystem (4), to the protected arithmetic processor (10), to the subsystem for forming public keys (8), to the subsystem for forming data carriers for certified users (7) and to the key distribution subsystem (11), to which is connected the protected processing control unit (12), which is connected to the subsystem for authentication and integrity of information (9); in the user device (2) the protected information-logical computing system (20) is connected to the protected arithmetic processor (19), the internal stochastic encoder (15), the internal stochastic decoder (14) and the transceiver unit of stochastic transformation (22), and the protected access subsystem (16) is connected to the protected processing control unit (21), which is connected to the internal stochastic encoder (15), the internal stochastic decoder (14), the transceiver unit of stochastic transformation (22), the subsystem for forming secret key tables (13) and the protected information-logical computing system (20); in the distributed data processing server (3) the protected information-logical computing system (35) is connected to the protected arithmetic processor (34), the protected database (36), the stochastic re-encoding device (29) and the protected processing control unit (30), to which are connected the transceiver unit of stochastic transformation (26), the internal stochastic re-encoding device (29), the subsystem for forming secret key tables (25) and the protected access subsystem (31); and the key distribution subsystem (11) of the center of certification, key generation and distribution (1) is connected respectively to the subsystems for forming secret key tables (13, 25) of the user device (2) and of the distributed data processing server (3).

20. The system according to claim 19, characterized in that the protected access subsystem (16) of the user device (2) contains a unit for input of information from the data carrier (17), connected to the subsystem for authentication and integrity of information (18), which is connected to the protected processing control unit (21) of the user device (2).

21. The system according to claim 19, wherein the transceiver unit of stochastic transformation (22) of the user device (2) contains first and second stochastic re-encoding devices (23, 24), the first stochastic re-encoding device (23) being included in the path of data transmitted from the distributed processing server (3) to the protected information-logical computing system (20) of the user device (2), and the second stochastic re-encoding device (24) being included in the path of data sent from the protected information-logical computing system (20) of the user device (2) to the distributed processing server (3).

22. The system according to claim 19 or 21, characterized in that the transceiver unit of stochastic transformation (26) of the distributed processing server (3) contains first and second stochastic re-encoding devices (27, 28), the first stochastic re-encoding device (27) being included in the path of data transmitted from the protected processing control unit (30) of the distributed processing server (3) to the transceiver unit of stochastic transformation (22) of the user device (2), and the second stochastic re-encoding device (28) being included in the path of data received from the transceiver unit of stochastic transformation (22) of the user device (2).

23. The system according to any one of claims 19 to 22, characterized in that the protected access subsystem (31) of the distributed processing server (3) contains a unit for input of information from the data carrier (32), connected to the subsystem for authentication and integrity of information (33), which is connected to the protected processing control unit (30) of the distributed processing server (3).

24. The system according to any one of claims 19 to 23, wherein the protected database (36) of the distributed processing server (3) includes a protected table of e-mail addresses (37), a protected array of Web pages (38) and a protected data table (39).

25. A subsystem for forming public keys for a system of integrated protection of distributed data processing in computer systems, containing a memory block for the tables of secret permutations of columns and rows of the secret key tables (61), a memory block for the table of the symmetric permutation of rows and columns of the external key table (62), a register for the sequence of transitive relations between rows of the secret permutation tables (63), a block of logical inference on the sequence of transitive dependencies (64), a memory block for the table of the relative non-secret permutation of rows and columns of the external key table (65), a public key register (66), an input switching unit (67), whose input is the data input of the subsystem, an output switching unit (68), whose output is the public key output of the subsystem, and a control unit (69), wherein the outputs of the control unit (69) are connected respectively to the inputs of the memory block for the tables of secret permutations of columns and rows of the secret key tables (61), the memory block for the table of the symmetric permutation of rows and columns of the external key table (62), the register for the sequence of transitive relations between rows of the secret permutation tables (63), the public key register (66), the input and output switching units (67, 68) and the block of logical inference on the sequence of transitive dependencies (64), the second and third inputs of which are connected respectively to the outputs of the memory block for the table of the symmetric permutation of rows and columns of the external key table (62) and of the register for the sequence of transitive relations between rows of the secret permutation tables (63), and whose output is connected to the input of the memory block for the table of the relative non-secret permutation of rows and columns of the external key table (65), the output of which is connected to the input of the public key register (66), whose output is connected to the input of the output switching unit (68), another input of which is connected to the outputs of the memory block for the tables of secret permutations of columns and rows of the secret key tables (61), whose input is connected to an output of the input switching unit (67); and the second outputs of the input switching unit (67) and of the output switching unit (68) are connected to the input of the control unit (69).

26. A stochastic encoder for a system of integrated protection of distributed data processing, containing an input permutation register (78), whose input is the encoded-data input of the stochastic encoder, a block of column registers of the multi-level encoder (79-1, ..., 79-n), whose first input is connected to the output of the input permutation register (78), a column connection circuit (80), whose outputs are connected to the second inputs of the block of column registers of the multi-level encoder (79-1, ..., 79-n), a cyclic permutation register (81), whose outputs are connected to the corresponding inputs of the column connection circuit (80), a block of inverter switches (82-1, ..., 82-n), whose outputs are connected to the corresponding inputs of the cyclic permutation register (81), a recurrent register (83), whose outputs are connected to the corresponding inputs of the block of inverter switches (82-1, ..., 82-n), a gamma forming circuit (84), a modulo-2 adder (85), whose inputs are connected respectively to the outputs of the block of column registers of the multi-level encoder (79-1, ..., 79-n) and of the gamma forming circuit (84) and whose output is connected to the input of the output code block register (86), whose output is the encoded-data output of the stochastic encoder, and a control unit (87), whose outputs are connected respectively to the inputs of the input permutation register (78), the block of column registers of the multi-level encoder (79-1, ..., 79-n), the column connection circuit (80), the cyclic permutation register (81), the block of inverter switches (82-1, ..., 82-n), the recurrent register (83), the gamma forming circuit (84), the modulo-2 adder (85) and the output code block register (86); the control unit (87), to whose input an additional output of the recurrent register (83) is connected, has an additional input and output for connection to the other control units of the system of integrated protection of distributed data processing.

27. The stochastic encoder according to claim 26, characterized in that the gamma forming circuit (84) contains a block of registers of the gamma-forming table columns (88-1, ..., 88-n), a column connection circuit (89), whose outputs are connected to the inputs of the block of registers of the gamma-forming table columns (88-1, ..., 88-n), a cyclic permutation register (90), whose outputs are connected to the corresponding inputs of the column connection circuit (89), a block of inverter switches (91-1, ..., 91-n), whose outputs are connected to the respective inputs of the cyclic permutation register (90), a recurrent register (92), whose outputs are connected to the corresponding inputs of the block of inverter switches (91-1, ..., 91-n), an initial gamma register (93), a modulo-2 adder (94), a switch (95), whose input is connected to the output of the block of registers of the gamma-forming table columns (88-1, ..., 88-n) and whose first and second outputs are connected respectively to the input of the modulo-2 adder (94) of the gamma forming circuit (84) and to the input of the modulo-2 adder (85) of the stochastic encoder, and a control unit (96), whose outputs are connected respectively to the inputs of the recurrent register (92), the block of inverter switches (91-1, ..., 91-n), the cyclic permutation register (90), the column connection circuit (89), the block of registers of the gamma-forming table columns (88-1, ..., 88-n), the switch (95), the modulo-2 adder (94) and the initial gamma register (93), whose output is connected to the input of the control unit (96) of the gamma forming circuit, a second input of which is connected to an additional output of the recurrent register (92) and a third input of which is connected to the corresponding output of the control unit (87) of the stochastic encoder.

28. A stochastic transcoding device for a system of integrated protection of distributed data processing, containing an input code block register (97), a first stage of stochastic transformation (98), whose input is connected to the output of the input code block register (97), a first permutation register (99), whose first and second inputs are connected respectively to the first and second outputs of the first stage of stochastic transformation (98), a second permutation register (100), whose first inputs are connected respectively to the outputs of the first permutation register, a second stage of stochastic transformation (101), whose input is connected to the output of the second permutation register (100) and whose first output is connected to the second input of the second permutation register (100), and an output code block register (102), whose input is connected to the second output of the second stage of stochastic transformation (101); each of said stages of stochastic transformation (98, 101) contains a block of column registers of the multi-level encoder (79-1, ..., 79-n), whose first input is the input of the respective stage of stochastic transformation, a column connection circuit (80), whose outputs are connected to the second inputs of the block of column registers of the multi-level encoder (79-1, ..., 79-n), a cyclic permutation register (81), whose outputs are connected to the corresponding inputs of the column connection circuit (80), a block of inverter switches (82-1, ..., 82-n), whose outputs are connected to the respective inputs of the cyclic permutation register (81), a recurrent register (83), whose outputs are connected to the corresponding inputs of the block of inverter switches (82-1, ..., 82-n), a gamma forming circuit (84), a modulo-2 adder (85), whose first input is connected through a switch (103) to the output of the block of column registers of the multi-level encoder (79-1, ..., 79-n) and whose second input is connected to the output of the gamma forming circuit (84), the second output of the switch (103) being the second output of the respective stage of stochastic transformation (98, 101), and a control unit (87), whose first output is the first output of the respective stage of stochastic transformation (98, 101) and whose remaining outputs are connected respectively to the inputs of the block of column registers of the multi-level encoder (79-1, ..., 79-n), the column connection circuit (80), the cyclic permutation register (81), the block of inverter switches (82-1, ..., 82-n), the recurrent register (83), an additional output of which is connected to the respective input of the control unit (87), the gamma forming circuit (84), the modulo-2 adder (85) and the switch (103); the control unit (87) has an additional input and output for connection to the other control units of the system of integrated protection of distributed data processing.
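The key-table mechanism of claims 3 to 6 and 8, as an added worked model written for this edition; it is not the patent's subsystem and makes no claim about its internal registers. The model assumes that a secret key table is the primary key table with its rows and columns permuted by a party's secret permutations, and that the "relative non-secret permutation" (the public key) is the permutation that carries one party's table onto the other's, obtained by chaining position in one table, row of the primary table, position in the other table, which is the transitivity between row positions the claims refer to. The primary table, the permutations and the seed are constructed for the example.

```python
import random


def compose(p, q):
    """Permutation product (p . q)[i] = p[q[i]]: apply q first, then p."""
    return [p[q[i]] for i in range(len(q))]


def invert(p):
    """Inverse permutation: invert(p)[p[i]] == i."""
    inv = [0] * len(p)
    for i, v in enumerate(p):
        inv[v] = i
    return inv


def permute_table(table, row_perm, col_perm):
    """Secret (or public) permutation of a key table:
    result[i][j] = table[row_perm[i]][col_perm[j]]."""
    return [[table[row_perm[i]][col_perm[j]] for j in range(len(col_perm))]
            for i in range(len(row_perm))]


def relative_permutation(secret_own, secret_other):
    """Non-secret relative permutation taking the table permuted by secret_own
    onto the table permuted by secret_other. For position i of the other
    table: row secret_other[i] of the primary table sits at position
    invert(secret_own)[secret_other[i]] of the own table (transitive chain)."""
    return compose(invert(secret_own), secret_other)


def bring_to_symmetric_state(own_table, public_rows, public_cols):
    """Apply the public (relative) permutation to the own secret table so that
    both parties hold the same symmetric external key table."""
    return permute_table(own_table, public_rows, public_cols)


def demo(seed=7, rows=6, cols=4):
    """Constructed run: a primary table, two parties' secret permutations,
    their secret external key tables and the public key relating them."""
    rng = random.Random(seed)
    primary = [[rng.randrange(256) for _ in range(cols)] for _ in range(rows)]
    rho_u, kap_u = rng.sample(range(rows), rows), rng.sample(range(cols), cols)  # user
    rho_s, kap_s = rng.sample(range(rows), rows), rng.sample(range(cols), cols)  # server
    return {
        "primary": primary,
        "rho_u": rho_u, "kap_u": kap_u, "rho_s": rho_s, "kap_s": kap_s,
        "k_user": permute_table(primary, rho_u, kap_u),
        "k_server": permute_table(primary, rho_s, kap_s),
        "pub_rows": relative_permutation(rho_u, rho_s),
        "pub_cols": relative_permutation(kap_u, kap_s),
    }


if __name__ == "__main__":
    d = demo()
    sym = bring_to_symmetric_state(d["k_user"], d["pub_rows"], d["pub_cols"])
    print("user table brought to server's state:", sym == d["k_server"])
    print("public key (rows, cols):", d["pub_rows"], d["pub_cols"])
```

The same `bring_to_symmetric_state` call, applied by both parties with a freshly generated public permutation, is the periodic table modification of claim 8. The check a practitioner should keep in mind is in the second assertion below: the public permutation is the quotient of the two secret permutations, so a party's secret permutation together with the public key yields the other party's secret permutation exactly; the public key reveals nothing about the primary table's contents, but it does bind the two secrets to each other.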



 

Same patents:

FIELD: mobile communications.

SUBSTANCE: server generates one-time activation code, sends it to user via intellectual card in cell phone and when user inputs an activation code in his cell phone, inputted code is transmitted to server for verification, in case of positive result server sends a command to phone to provide for access, which opens access to appropriate set of functions of intellectual card, while portion of functions can contain, for example, PKI-functions, which were concealed and inaccessible for user until said moment, after that user can select his own PIN-code for authentication, encoding and signature for transactions, and, concerning activation of PKI functions, generation of necessary secret and open keys, and also necessary certification are carried out after verification of activation code.

EFFECT: higher efficiency, broader functional capabilities.

1 cl, 1 dwg

FIELD: computer science.

SUBSTANCE: previously for sender and receiver a binary series of digital watermark k-bit long is formed as well as binary series of secret key, message is certified at sender side using binary series of digital watermark and secret key, certified message is sent to receiver, where authenticity of received message is checked using binary series of digital watermark and secret key.

EFFECT: higher reliability, higher efficiency.

4 cl, 5 dwg

FIELD: information protection.

SUBSTANCE: method for transferring messages while providing for confidentiality of identification signs of communication system objects with interaction of devices of communication system subscribers through central device for each communication session cryptographic conversion of subscriber device identifier is performed using encryption key of current subscriber device, while during said cryptographic conversion symmetrical cryptographic algorithm is used and two message transfer modes are taken in consideration, on initiative from subscriber device to central device and vice versa.

EFFECT: protection from unsanctioned access to identifiers of devices of system subscribers transferred via communication channels, in particular when providing for confidentiality of messages identification signs in communications systems with multiple subscriber devices.

6 dwg

The invention relates to computing and can be used in automated systems for the provision of Internet services

The invention relates to a device for mutual authentication of two blocks of data

The invention relates to the field of user identification in various service systems and providing them with the relevant authority, including confirmation of solvency or reputation stand

The invention relates to a process subscriber identity

The invention relates to the field of computing, and in particular to means of information protection from unauthorized access to electronic computing systems (machines), local area networks (LAN) - based personal computers (PC)

FIELD: computer science.

SUBSTANCE: system has electronic key, information processing block and conversion to video information, block for transmitting optical video information, block for receiving and processing optical video information and controlling electronic key.

EFFECT: higher reliability, higher efficiency, broader functional capabilities.

1 dwg

FIELD: computer science.

SUBSTANCE: previously for sender and receiver a binary series of digital watermark k-bit long is formed as well as binary series of secret key, message is certified at sender side using binary series of digital watermark and secret key, certified message is sent to receiver, where authenticity of received message is checked using binary series of digital watermark and secret key.

EFFECT: higher reliability, higher efficiency.

4 cl, 5 dwg

FIELD: computer science.

SUBSTANCE: system has means for confirming authenticity in real time scale, which detects standard digital signature for executable, using content of digital signature, excluding portions of executable, for which address linking is performed by program loader. Means for confirming authenticity in real time scale after loading of executable image determines integrity of digital signature for checking whether executable was modified in an unsanctioned way, and also guarantees that each pointer in executable image is not readdressed in an unsanctioned way.

EFFECT: higher efficiency, broader functional capabilities.

4 cl, 6 dwg

FIELD: data carriers.

SUBSTANCE: device has calculating, reserving and recording modules. Each variant of semiconductor memory card contains area for recording user data for controlling volume and area for recording user data. On carrier method for computer initialization is recorded, including calculation of size of volume control information, reserving areas and recording therein of control information for volume and user data, recording main boot record and sectors table in first section of first area, skipping preset number of sectors, recording information of boot sector of section, file allocation table and root directory element to following sectors.

EFFECT: higher efficiency.

5 cl, 59 dwg

FIELD: data carriers.

SUBSTANCE: the device reproduces data from a data carrier whose program zone is used for recording a set of files and whose control zone is used for managing copy protection data for the files recorded in the program zone. It has a computing means that calculates copy protection information each time a file is reproduced; a comparison means that compares the value calculated for the reproduction command preceding the current one with the value calculated for the current reproduction command and, if the values coincide, stores the latter as the copy protection value calculated for the command preceding the current one; and a control means that allows reproduction of the file corresponding to the current command if the comparison shows that the value calculated in response to the previous command coincides with the value calculated in response to the current command.

EFFECT: higher reliability, higher efficiency.

4 cl, 46 dwg

FIELD: computer science.

SUBSTANCE: the method includes a protective mathematical transformation of the service data of a network frame before it is passed to the LAN transmission medium. The transformation is applied to the data contained in the headers of link-layer network frames and in the headers of all encapsulated network packets and segments. As a result, the very possibility of interception is prevented.

EFFECT: higher efficiency.

7 cl, 2 dwg

FIELD: digital memory technologies.

SUBSTANCE: the card has rewritable non-volatile memory and a control circuit, a means for storing the address that marks the boundary between the authentication area and the non-authentication area, and a circuit for changing the size of these areas. The reading device contains an evaluation means that reads information indicating the number of times the digital data may be read, and a playback means. A second device variant additionally has a means for digital output of the content.

EFFECT: higher efficiency.

3 cl, 23 dwg

FIELD: microprocessors.

SUBSTANCE: the device has a central processing unit including a first cryptographic block and at least one peripheral block including a second cryptographic block; the device also has a data bus, a random number generator, a conductor for supplying the clock signal, a conductor for supplying the random number signal, and a set of logic elements, while each cryptographic block has a feedback shift register.

EFFECT: higher level of unsanctioned access protection.

7 cl, 1 dwg

FIELD: electronics.

SUBSTANCE: the device has a signal bus carrying the clock signal, at least one pair of buses serving to encode one bit, a detector circuit and a multiplexer. According to the method, for the first value of the signal on the signal bus the two buses of a pair carry the same signal level, and for the second value of the signal on the signal bus the two buses of a pair carry different signal levels; forbidden states are detected during operation of the board and the system's operation is altered in order to raise an alarm.

EFFECT: higher reliability of protection.

2 cl, 7 dwg

FIELD: copy protection.

SUBSTANCE: the system has a content distribution block, multiple recording and playback devices for digital data, and a computation processing block intended to communicate with the recording and playback devices and to perform the computations for transferring license payments.

EFFECT: higher reliability of copy protection.

5 cl, 55 dwg

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: the processor has a bus interface device, an instruction fetch/decode device, a dispatch/execution device, and a decoding device for program strings that are fetched from the program and loaded into the first-level instruction cache; the decoding device contains a set of N two-input XOR elements and a key memory storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg
