# Method of generating and verifying the authenticity of an electronic digital signature certifying an electronic document

FIELD: technological processes.

SUBSTANCE: the invention relates to cryptographic devices and methods for verifying an electronic digital signature (EDS). In the method, a secret key (SK) is formed that includes three prime many-digit binary numbers p, q and γ. An open key (OK) is formed that contains three many-digit binary numbers n, α and β, where n=Epq+1, E is an even number, α is a number of index (multiplicative order) q modulo n, and β is a number of index γ modulo q. The electronic document (ED) is accepted in the form of a many-digit binary number H; the electronic digital signature (EDS) Q is formed depending on the values of the SK, the OK and H; the first checking many-digit binary number A is formed depending on Q; an intermediate many-digit binary number W is formed depending on the OK and H; the second checking many-digit binary number B is formed depending on W; and the numbers A and B are compared. If the parameters of A and B match, the electronic digital signature is concluded to be authentic.

EFFECT: reduces the size of the electronic digital signature without reducing its security level.

8 cl

The invention relates to the field of telecommunications and computing, and more particularly to cryptographic methods for authenticating electronic messages transmitted over telecommunication and computer networks, and can be used in systems for transmitting electronic messages (documents) certified by an electronic digital signature (EDS) (the terms used in the description are explained in Appendix 1).

A method of generating and verifying a digital signature is known, described in the books [1. M.A. Ivanov. Cryptography. M, CADIZ IMAGE, 2001; 2. A.G. Rostovtsev, E.B., Machovina. Introduction to public key cryptography. St. Petersburg, the World and the family, 2001. - s.43]. The known method consists of the following sequence of actions:

generate a secret key in the form of three prime multibit binary numbers p, q and d; form a public key (n, e) as a pair of multibit binary numbers n and e, where n is the product of the two prime multibit binary numbers p and q, and e is a multibit binary number satisfying ed=1 mod (p-1)(q-1); accept an electronic document represented by the multibit binary number H; depending on the value of H and the value of the secret key, form a digital signature in the form of the multibit binary number Q=S=H^{d} mod n;

form the first check multibit binary number A=H;

form the second check multibit binary number B, for which the multibit binary number S is raised to the integer power e modulo n: B=S^{e} mod n;

compare the generated check multibit binary numbers A and B;

if the parameters of the compared multibit binary numbers coincide, conclude that the digital signature is authentic.

The disadvantage of this method is the relatively large size of the signature and the need to increase it as new, more efficient algorithms for factoring n appear or as the performance of computing devices grows. This is because the signature element S is computed by arithmetic operations modulo n, and the strength of the EDS is determined by the difficulty of decomposing the modulus n into the factors p and q.

A method of verifying the El-Gamal digital signature is also known, described in the book [Moldovyan A. A., Moldovyan N., Tips BJ Cryptography. - SPb, DOE, 2000. - S-159], which includes the following steps:

form a prime multibit binary number p and a binary number G that is a primitive root modulo p; generate a secret key in the form of a multibit binary number x; depending on x, form a public key in the form of the multibit binary number Y=G^{x} mod p; accept an electronic document (ED) represented by the multibit binary number H; depending on H and the secret key, form a digital signature Q in the form of two multibit binary numbers S and R, i.e. Q=(R, S);

carry out the signature verification procedure, which includes computing two control parameters from the original multibit binary numbers p, G, Y, H, R and S by raising the multibit binary numbers G, Y and R to a discrete power modulo p, and comparing the computed control parameters;

if the values of the control parameters match, conclude that the digital signature is authentic.

The disadvantage of this method is the relatively large size of the EDS. This is because the values of the signature elements S and R are computed by arithmetic operations modulo p-1 and modulo p, respectively.

The closest in technical essence to the claimed method is the method of generating and verifying a digital signature described in the article [Kostin A. A., Moldovyan D.N., Moldovyan N.A. New cryptosystem with public key based on the RSA-module // Problems of information security. 2005 (68). No. 1. P.8-12]. The closest analogue (prototype) consists of the following sequence of actions:

generate a secret key in the form of three prime multibit binary numbers p, q and γ; form a public key (n, α) as a pair of multibit binary numbers n and α, where n is the product of the two prime multibit binary numbers p and q, and α is a number of index γ modulo n; accept an electronic document represented by the multibit binary number H; depending on the value of H and the value of the secret key, form a digital signature Q in the form of the multibit binary number S, that is, Q=S;

form the first check multibit binary number A, for which the multibit binary number S is raised to the power H modulo n;

form the second check multibit binary number B, for which the multibit binary number α is raised to an integer power u≥1 modulo n: B=α^{u} mod n;

compare the generated check multibit binary numbers A and B;

if the parameters of the compared multibit binary numbers coincide, conclude that the digital signature is authentic.

The disadvantage of the closest analogue is also the relatively large size of the signature, which results from the need to compute the value of S by arithmetic operations modulo n, whose size must be 1024 bits or more to provide the desired level of EDS strength.

The aim of the invention is to develop a method of generating and verifying a digital signature certifying an ED that reduces the size of the signature without lowering the strength of the EDS.

This objective is achieved in that, in the known method of generating and verifying a digital signature certifying an ED, which consists in forming a secret key comprising three prime multibit binary numbers p, q and γ, forming a public key that includes at least two multibit binary numbers n and α, where α<n, accepting an ED represented by the multibit binary number H, forming a digital signature Q depending on the value of H and the value of the secret key, forming the first and second check multibit binary numbers, comparing them and, if their parameters coincide, concluding that the digital signature is authentic, what is new is that the public key is formed to include three multibit binary numbers n, α and β, where n=Em+1, E is an even number, m=pq and n is a prime number, α is a number of index (multiplicative order) q modulo n, and β is a number of index γ modulo q, where γ divides q-1 evenly and does not divide p-1 evenly; the EDS is formed as two multibit binary numbers R and S, i.e. Q=(R, S); the first check multibit binary number A is then formed depending on Q; an intermediate multibit binary number W is generated depending on the multibit binary numbers H, R, S, n, m, α and β; and the second check multibit binary number B is formed by a compressive transformation of the intermediate multibit binary number W.

New also is the fact that the first check multibit binary number A is formed by subtracting the value of S from the value of R.

New also is the fact that the first check multibit binary number A is formed by dividing the value of R by S.

New also is the fact that the intermediate multibit binary number W is formed by raising the number α to the power Z modulo n, where Z is a multibit binary number calculated by the formula Z=β^{RSH} mod m, or Z=Hβ^{RS} mod m.

New also is the fact that the intermediate multibit binary number W is formed by raising the number α to the power Z modulo n, where Z is a multibit binary number calculated by the formula Z=β^{RSH} mod m, or Z=Hβ^{RS} mod m, after which the resulting value W is additionally transformed in accordance with the formula W←WH mod n or W←(W+H) mod n, where the sign ← denotes the assignment operation.

New also is the fact that the intermediate multibit binary number W is formed by raising the number α to the power Z modulo n, where Z is a multibit binary number calculated by the formula Z=β^{RH}Y^{S} mod m, or Z=Hβ^{R}Y^{SH} mod m, where Y=β^{x} mod q and x is an auxiliary random multibit binary number.

New is also that the compressive transformation of the intermediate multibit binary number W is performed using a hash function.

New is also that the compressive transformation of the intermediate multibit binary number W is performed by taking the remainder of dividing the intermediate multibit binary number W by a prime number δ whose length ranges from 64 to 256 bits.

Thanks to these new essential features, modifying the procedure for forming the check multibit binary numbers reduces the size of the signature, and choosing a fixed size for the secret multibit binary number γ keeps the size of the signature constant when the size of the secret multibit binary numbers p and q is increased, and therefore preserves the strength of the EDS, i.e. the stated technical result is achieved.

An analysis of the prior art established that known sources of information contain no analogues characterized by a set of features identical to all the features of the claimed technical solution, which indicates that the claimed invention meets the patentability condition of "novelty".

A search of known solutions in this and related fields, made to identify features matching the features that distinguish the claimed object from the closest analogue, showed that they do not follow explicitly from the prior art, which indicates that the claimed invention meets the condition of "inventive step".

The possibility of implementing the claimed method is explained as follows. It is known that the difficulty of decomposing an integer into two large prime factors depends on the length of those factors, so when new decomposition methods appear the length of the prime factors is increased. The public key is formed as the prime number n=Epq+1 depending on the secret primes p and q, which are chosen so that q-1 is divisible by a prime number γ and p-1 is not divisible by γ. The prime number γ is chosen with a length of approximately 160-256 bits, which prevents its value from being guessed or found by trial. Choosing as α a number of index m modulo n, and as β a number of index γ modulo m, we can use the following expressions for forming the first and second check multibit binary numbers A and B, respectively:

and

,

where F(W) is a compression function computed by applying a compressive transformation to the number that is its argument, and the signature element R is calculated from a previously chosen random number k according to the formula. For example, the operation of taking the remainder modulo a multibit binary number δ, which has a specified length and determines the size of the values of the function F, can be used as the compression function; a hash function can also be used as the compression function, as described, for example, in the book [Moldovyan A. A., Moldovyan N. Introduction to cryptography with a public key. - SPb. BHV-Petersburg, 2005. - 286 C.; see p.184-204].

Given this choice of the numbers α and β, the equality A=B holds if the congruence β^{k}=β^{RSH} mod m holds, and the latter holds if and only if k≡RSH mod γ, whence we obtain the formula for calculating the signature:

The owner of the secret number γ can easily compute the correct value of the signature element S, which depends on the previously formed value of R and the value of H. The bit length of the signature element S does not exceed the bit length of the secret number γ, since the value of S is computed modulo γ. A signature (R, S) formed in this way satisfies the EDS verification procedure. The strength of the EDS is determined by the difficulty of decomposing the modulus m into factors and the difficulty of taking the logarithm modulo p to the base α, since to determine the value of k from the known signature element R one needs to find the value β^{k} mod m. Since the number α has the large index m, the difficulty of taking the logarithm is not lower than the difficulty of decomposing m into factors, or not lower than the difficulty of taking the logarithm modulo p to a base that has a large index m modulo p. Both problems are practically infeasible when the bit length of m is 1024 bits or more. When new methods of computing discrete logarithms or of factoring m appear, the bit length of m can be chosen to be 2048 bits or more while keeping the bit length of the compression function values and the bit length of the secret number γ. A compression function output of 80-256 bits makes negligible the probability of finding correct signature values without using the secret key. The bit length of the compression function determines the bit length of the signature element R. From this we find that the size of the signature Q=(R, S) ranges from 240 to 512 bits. The present method of forming and verifying a signature thus has a mechanism that keeps the size of the signature unchanged when the size of the numbers that determine the difficulty of factoring or of taking discrete logarithms is increased. The compression function F(W) can be defined through the operation of taking the remainder after division by a prime number δ of the desired bit length: F(W)=W mod δ, where δ≠γ and the bit length of δ is 80 to 256 bits.

Consider examples of implementing the claimed technical solution with artificially reduced bit lengths of the numbers used.

Example 1. Implementation of the proposed method with the illustration of specific numerical values.

In the example, the multibit binary numbers are written for brevity as decimal numbers, which in computing devices are represented and converted in binary form, i.e. as a sequence of high- and low-potential signals. When verifying the authenticity of the EDS, the following steps are performed.

1. Generate the secret key in the form of three multibit binary numbers (p, q, γ), where γ=48463, p=984413 and q=12γ+1=581557.

2. Generate the public key in the form of a triplet (n, α, β), where

n=2pq+1=1144984542083, where m=pq=572492271041;

α=2916;

β=155150577833.

3. Accept the public key of the signer (n, α, β), sent, for example, by a certification authority over telecommunication networks.

4. Accept the ED represented, for example, by the following multibit binary number H (which can be, in particular, the hash function of the ED): H=37975637.

5. Form the digital signature Q as a pair of numbers (R, S), for which the following steps are performed:

5.1. Choose a random number k=4757231.

5.2. Form the signature element R by performing the operations defined by the formula

where δ=84713:

5.3. Form the signature element S by performing the operations defined by the formula

S=31318832.

6. Form the first check multibit binary number A depending on the EDS Q=(R, S):

A=R=73802.

7. Generate the intermediate multibit binary number W in accordance with the formula W=α^{Z} mod n, where Z is a multibit binary number depending on β, H and Q, namely Z=β^{RSH} mod m=155150577833^{73802·31318832·37975637} mod 572492271041=219444376609:

W=2916^{219444376609} mod 1144984542083=940022876369.

8. Form the second check multibit binary number B by a compressive transformation of the intermediate multibit binary number W:

B=F(W)=W mod δ=940022876369 mod 84713=73802.

9. Compare (e.g., bitwise) the parameters of the first and second check numbers A and B. The comparison shows that the parameters of the multibit binary numbers A and B coincide, which indicates that the digital signature is authentic, i.e. the accepted EDS relates to the ED represented by the multibit binary number H and was formed by the signer to whom the accepted public key (n, α, β) corresponds.
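Added example (not part of the patent text): a Python sketch of the signing and checking steps above on constructed toy parameters, with `__main__` recomputing Z, W and B from the numbers stated in Example 1 for comparison. The formulas used for R and S are assumptions reconstructed from the congruence k≡RSH mod γ given in the description, because the page's own formulas are missing; `toy_keygen`, `sign`, `check_values` and `verify` are hypothetical names.

```python
import secrets

def is_prime(x):
    """Trial division; adequate for the toy sizes used here."""
    if x < 2:
        return False
    if x % 2 == 0:
        return x == 2
    i = 3
    while i * i <= x:
        if x % i == 0:
            return False
        i += 2
    return True

def next_prime(x):
    while not is_prime(x):
        x += 1
    return x

def toy_keygen(gamma=1009, p_start=10_007, delta_start=1_000_003):
    """Constructed toy parameters, far too small for real use."""
    if not is_prime(gamma):
        raise ValueError("gamma must be prime")
    c = 2
    while not is_prime(c * gamma + 1):        # q prime, gamma divides q-1
        c += 2
    q = c * gamma + 1
    p = next_prime(p_start)
    while p == q or (p - 1) % gamma == 0:     # gamma must not divide p-1
        p = next_prime(p + 1)
    m = p * q
    E = 2
    while not is_prime(E * m + 1):            # n = E*m + 1 prime, E even
        E += 2
    n = E * m + 1
    # alpha has index q modulo n; beta has index gamma modulo q
    alpha = next(a for a in (pow(g, (n - 1) // q, n) for g in range(2, n)) if a != 1)
    beta = next(b for b in (pow(h, (q - 1) // gamma, q) for h in range(2, q)) if b != 1)
    delta = next_prime(delta_start)           # modulus of F(W) = W mod delta
    if delta == gamma:
        raise ValueError("delta must differ from gamma")
    return {"p": p, "q": q, "gamma": gamma}, (n, m, alpha, beta, delta)

def check_values(pub, H, sig):
    """Return (A, Z, W, B) as computed by the checking side."""
    n, m, alpha, beta, delta = pub
    R, S = sig
    A = R                                     # first check number
    Z = pow(beta, R * S * H, m)               # Z = beta^(RSH) mod m
    W = pow(alpha, Z, n)                      # W = alpha^Z mod n
    return A, Z, W, W % delta                 # B = F(W) = W mod delta

def verify(pub, H, sig):
    A, _, _, B = check_values(pub, H, sig)
    return A == B

def sign(priv, pub, H, k=None):
    n, m, alpha, beta, delta = pub
    gamma = priv["gamma"]
    if H % gamma == 0:
        raise ValueError("H is not invertible modulo gamma")
    while True:
        kk = k if k is not None else secrets.randbelow(gamma - 1) + 1
        # Assumed formula: R = F(alpha^(beta^k mod m) mod n)
        R = pow(alpha, pow(beta, kk, m), n) % delta
        if (R * H) % gamma:
            # Assumed formula, from k = RSH (mod gamma): S = k * (RH)^-1 mod gamma
            S = kk * pow(R * H, -1, gamma) % gamma
            return R, S
        if k is not None:
            raise ValueError("this k gives RH = 0 mod gamma; choose another")

if __name__ == "__main__":
    priv, pub = toy_keygen()
    sig = sign(priv, pub, 37975637)
    print("toy key verifies:", verify(pub, 37975637, sig))
    # Numbers as stated in Example 1: (n, m, alpha, beta, delta), H, (R, S)
    page_pub = (1144984542083, 572492271041, 2916, 155150577833, 84713)
    print("Example 1 (A, Z, W, B):",
          check_values(page_pub, 37975637, (73802, 31318832)))
```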

The steps considered in this example implementation ensure the correctness of the claimed method in the general case, i.e. for integers n, α, β, p, q, γ, H, R and S of arbitrary length formed in accordance with the claimed method. This is proved theoretically as follows:

The correct value of the EDS can be calculated only with knowledge of the secret multibit binary number γ. At the same time, the signature is verified using the public key (n, α, β). For unauthorized formation of an EDS it is necessary to decompose the number m into the factors p and q, then factor the numbers p-1 and q-1 and find the value γ. However, for a large bit length of m this problem is computationally infeasible. When new decomposition methods appear, the length of the numbers p and q, and consequently the length of m, can be increased while keeping the size of the number γ and of the compression function unchanged. This preserves the size of the signature while setting the desired difficulty of factoring m. Increasing the size of m also increases the difficulty of the discrete logarithm problems associated with attempts to calculate the value of k after first computing the value β^{k} mod m.

The following additional examples of implementing the claimed method do not give specific numerical values. The correctness of the method is proved mathematically for arbitrary values of the parameters chosen in accordance with the description of the invention and the implementation options specified in the individual examples.

Example 2. Implementation of the claimed method producing a digital signature 240 bits long.

This example uses the number α of index q modulo n and the number β of index γ modulo q. The index γ is chosen as one of the factors of q-1, and the number p is chosen such that p-1 is not divisible by γ, i.e. γ divides q-1 evenly and does not divide p-1. This choice makes it possible to use as γ and δ unequal primes of length 160 bits and 80 bits, respectively, so the size of the signature is reduced to 240 bits while maintaining high strength. High cryptographic strength is ensured by the secrecy of the modulus modulo which the number β has index γ. In this example the following sequence of actions is performed.

1. Generate the secret key in the form of a triplet (p, q, γ), where the multibit binary number γ divides q-1 evenly and does not divide p-1, and the multibit binary numbers p and q are prime numbers. The length of the number γ is chosen equal to 160 bits.

2. Generate the public key in the form of a triplet (n, α, β), where the multibit binary number n=2pq+1 and α is a number of index q modulo n.

3. Accept the public key of the signer (n, α, β), sent, for example, by a certification authority over telecommunication networks.

4. Accept the ED represented, for example, by the following multibit binary number H (which can be, in particular, the hash function of the ED).

5. Form the EDS Q as a pair of numbers (R, S), for which the following steps are performed:

5.1. Choose a random number k.

5.2. Form the signature element R by performing the operations defined by the formula

where δ is an additional prime number of length 80 bits. Because this formula specifies a computation modulo a number 80 bits long, the value of R has a length of 80 bits.

5.3. Form the signature element S by performing the operations defined by the formula

Because this formula specifies a computation modulo a number 160 bits long, the value of S has a length of 160 bits. Taking into account the length of the signature element R, the length of the EDS is 240 bits.

6. Form the first check multibit binary number A depending on the EDS Q=(R, S):

A=R=73802.

7. Generate the intermediate multibit binary number W in accordance with the formula W=α^{Z} mod n, where Z is a multibit binary number depending on β, H and Q, namely Z=Hβ^{RS} mod m:

8. Transform the intermediate multibit binary number W in accordance with the formula

as a result we have:

9. Form the second check multibit binary number B by a compressive transformation of the intermediate multibit binary number W:

10. Compare (e.g., bitwise) the parameters of the first and second check numbers A and B.

The coincidence of the values of A and B means that the digital signature is authentic, i.e. it relates to the ED represented by the multibit binary number H and was formed by the signer to whom the accepted public key (n, α, β) corresponds.

This is proved theoretically as follows. We have

Because α is a number of index q modulo n, then

and

so the following transformations are valid:

Example 3. Implementation of the claimed method producing a digital signature 320 bits long.

This example uses the number α of index q modulo n and the number β of index γ modulo q. The index γ is chosen as one of the factors of q-1, and the number p is chosen such that p-1 is not divisible by γ, i.e. γ divides q-1 evenly and does not divide p-1. This example uses unequal prime numbers γ and δ of length 160 bits each, so the size of the signature is 320 bits while maintaining high strength. High cryptographic strength is ensured by the secrecy of the modulus modulo which the number β has index γ. In this example the following sequence of actions is performed.

1. Generate the secret key in the form of a triplet (p, q, γ), where the multibit binary number γ divides q-1 evenly and does not divide p-1, and the multibit binary numbers p and q are prime numbers. The length of the number γ is chosen equal to 160 bits.

2. Generate the public key in the form of a triplet (n, α, β), where the multibit binary number n=2pq+1, α is a number of index q modulo n and β is a number of index γ modulo q.

3. Accept the public key of the signer (n, α, β), sent, for example, by a certification authority over telecommunication networks.

4. Accept the ED represented, for example, by the following multibit binary number H (which can be, in particular, the hash function of the ED).

5. Form the digital signature Q as a pair of numbers (R, S), for which the following steps are performed:

5.1. Choose a random number k.

5.2. Generate the auxiliary multibit binary number G in accordance with the formula:

where δ is an additional prime number of length 160 bits. Because this formula specifies a computation modulo a number 160 bits long, the value of G has a length of 160 bits.

5.3. Form the signature element S by performing the operations defined by the formula

Because this formula specifies a computation modulo a number 160 bits long, the value of S has a length of 160 bits.

5.4. Form the signature element R in accordance with the formula R=S+G. Since the values of S and G have a length of 160 bits, the value of R also has a length of about 160 bits. Taking into account the lengths of the signature elements R and S, the length of the EDS is 320 bits.

6. Form the first check multibit binary number A: A=R-S.

7. Generate the intermediate multibit binary number W in accordance with the formula W=α^{Z} mod n, where Z is a multibit binary number depending on β, H and Q, namely Z=β^{RSH} mod m:

8. Transform the intermediate multibit binary number W in accordance with the formula

as a result we have:

9. Form the second check multibit binary number B by a compressive transformation of the intermediate multibit binary number W:

10. Compare (e.g., bitwise) the parameters of the first and second check numbers A and B.

The coincidence of the values of A and B means that the digital signature is authentic, i.e. it relates to the ED represented by the multibit binary number H and was formed by the signer to whom the accepted public key (n, α, β) corresponds.

This is proved theoretically as follows. We have

Calculate the value of

Because α is a number of index q modulo n, then

and

so the following transformations are valid:

Since A=R-S=(G-S)+S, then A=B.

Example 4. Implementation of the claimed method producing a digital signature 400 bits long.

This example uses the number α of index q modulo n and the number β of index γ modulo q. The index γ is chosen as one of the factors of q-1, and the number p is chosen such that p-1 is not divisible by γ. The multibit binary numbers γ and δ are unequal prime numbers of length 160 bits and 80 bits, respectively. In this example the following sequence of actions is performed.

1. Generate the secret key in the form of a triplet (p, q, γ), where the multibit binary number γ divides q-1 evenly and does not divide p-1, and the multibit binary numbers p and q are prime numbers. The length of the number γ is chosen equal to 160 bits.

2. Generate the public key in the form of a triplet (n, α, β), where the multibit binary number n=2pq+1, α is a number of index q modulo n and β is a number of index γ modulo q.

4. Accept the ED represented, for example, by the following multibit binary number H (which can be, in particular, the hash function of the ED).

5. Form the digital signature Q as a pair of numbers (R, S), for which the following steps are performed:

5.1. Choose a random number k.

5.2. Generate the auxiliary multibit binary number G in accordance with the formula:

where δ is an additional prime number of length 80 bits. Because this formula specifies a computation modulo a number 80 bits long, the value of G has a length of 80 bits.

5.3. Form the signature element S by performing the operations defined by the formula

Because this formula specifies a computation modulo a number 160 bits long, the value of S has a length of 160 bits.

5.4. Form the signature element R in accordance with the formula R=S·G. Since S has a length of 160 bits and G has a length of 80 bits, the value of R, obtained as the product of the values of S and G, has a length equal to the sum of the lengths of S and G, i.e. 240 bits. Taking into account the lengths of the signature elements R and S, the length of the EDS is 400 bits.

6. Form the first check multibit binary number A:

7. Generate the intermediate multibit binary number W in accordance with the formula W=α^{Z} mod n, where Z is a multibit binary number depending on β, H and Q, namely Z=β^{RSH} mod m:

8. Transform the intermediate multibit binary number W in accordance with the formula

as a result we have:

9. Form the second check multibit binary number B by a compressive transformation of the intermediate multibit binary number W:

10. Compare (e.g., bitwise) the parameters of the first and second check numbers A and B.

When the signature is formed with the secret key, the values of A and B are the same, which means that the digital signature is authentic, i.e. the EDS relates to the ED represented by the multibit binary number H and was formed by the signer to whom the accepted public key (n, α, β) corresponds. This is proved theoretically as follows. We have

Because α is a number of index q modulo n, then

and

so the following transformations are valid:

Because

then A=B.

Example 5. Implementation of the claimed method producing a digital signature 240 bits long.

This example uses the number α of index q modulo n and the number β of index γ modulo q. The index γ is chosen as one of the factors of q-1, and γ does not divide p-1 evenly. The multibit binary numbers γ and δ are unequal prime numbers of length 160 bits and 80 bits, respectively, so the size of the signature in this example is 240 bits. When generating the number n, an even number E bounded by 8192 is used, which simplifies generating the prime multibit binary number n. In this example the following sequence of actions is performed.

1. Generate the secret key in the form of a triplet (p, q, γ), where the length of the number γ is chosen equal to 160 bits.

2. Generate the public key in the form of a triplet (n, α, β), where the multibit binary number n=Epq+1 is a prime number, α is a number of index q modulo n, and β is a number of index γ modulo q. The prime multibit binary number n is generated as follows: two prime numbers p and q are generated, then for different values of the even number E, chosen from the condition E<8192, n=Epq+1 is computed and checked for primality. This way of generating the prime number n finds with high probability, for a given pair of numbers p and q, an even value of E for which the number n=Epq+1 is prime.

3. Generate a first auxiliary random multibit binary number x.

4. Generate a second auxiliary multibit binary number Y=β^{x} mod q.

5. Accept the public key of the signer (n, α, β) and the second auxiliary multibit binary number Y, sent, for example, by a certification authority over telecommunication networks.

6. Accept the ED represented, for example, by the following multibit binary number H (which can be, in particular, the hash function of the ED).

7. Form the EDS Q as a pair of numbers (R, S), for which the following steps are performed:

7.1. Choose a random number k.

7.2. Form the signature element R in accordance with the formula:

where δ is an additional prime number of length 80 bits. Because this formula specifies a computation modulo a number 80 bits long, the value of R has a length of 80 bits.

7.3. Form the signature element S in accordance with the formula:

Because this formula specifies a computation modulo a number 160 bits long, the value of S has a length of 160 bits. Taking into account the lengths of the signature elements R and S, the length of the EDS is 240 bits.

8. Form the first check multibit binary number A: A=R.

9. Generate the intermediate multibit binary number W in accordance with the formula W=α^{Z} mod n, where Z is a multibit binary number depending on β, H and Q, namely Z=β^{RH}Y^{S} mod m, where m=pq:

10. Transform the intermediate multibit binary number W in accordance with the formula

as a result we have:

11. Form the second check multibit binary number B by a compressive transformation of the intermediate multibit binary number W:

12. Compare (e.g., bitwise) the parameters of the first and second check numbers A and B.

The coincidence of the values of A and B means that the digital signature is authentic, i.e. it relates to the accepted ED represented by the multibit binary number H and was formed by the signer to whom the accepted public key corresponds. This is proved theoretically as follows. In accordance with the EDS verification procedure we have

Because α is a number of index q modulo n, then

and

so the following transformations are valid:

Since A=G, then A=B.

Thus, it is shown that the claimed method can serve as the basis for robust EDS systems that reduce the size of the signature in comparison with known solutions and keep the size of the signature unchanged when new, more efficient algorithms for factoring numbers and for computing discrete logarithms appear, i.e. with a low probability of unauthorized formation of an EDS ("false" EDS authentication).

The examples and the mathematical justification show that the proposed method of generating and verifying a digital signature works correctly, is technically feasible and solves the stated problem.

Appendix 1

Interpretation of terms used in the description

1. Binary digital electromagnetic signal - a sequence of bits in the form of zeros and ones.

2. Parameters of a binary digital electromagnetic signal: bit length and the order of the one and zero bits.

3. Bit length of a binary digital electromagnetic signal - the total number of its one and zero bits; for example, the number 10011 is 5-bit.

4. Electronic digital signature (EDS) - binary digital electromagnetic signal whose parameters depend on the signed electronic document and a secret key. Authentication digital signature is performed using a public key, which depends on the secret key.

5. Electronic document (ED) - binary digital electromagnetic signal, the parameters of which depend on a source document and a way of converting it to electronic form.

6. The secret key is a binary digital electromagnetic signal used to generate the signature for a given electronic document. The secret key is represented, for example, in binary form as a series of digits "0" and "1".

7. The public key is a binary digital electromagnetic signal whose parameters depend on the secret key and which is intended to authenticate the digital signature.

8. The hash function from the electronic document is a binary digital electromagnetic signal parameters the factors which depend on the electronic document and the selected method of its calculation.

9. Multibit binary number binary digital electromagnetic signal that is interpreted as a binary number and is represented as a sequence of digits "0" and "1".

10. The operation of raising a number S to a discrete power A modulo n is an operation performed on the finite set of natural numbers {0, 1, 2, ..., n-1}, which includes n numbers that are the remainders of dividing all possible integers by the number n; the result of the operations of addition, subtraction and multiplication modulo n is a number from this set [Vinogradov I.M. Fundamentals of the Theory of Numbers. - M.: Nauka, 1972. - 167 p.]; the operation of raising the number S to a discrete power Z modulo n is defined as the Z-fold successive multiplication modulo n of the number S by itself, i.e. the result of this operation is also a number W that is less than or equal to the number n-1; even for very large numbers S, Z and n there are efficient algorithms for performing exponentiation to a discrete power modulo n [see Moldovyan A.A., Moldovyan N., Guts N., Izotov B.V. Cryptography: speed ciphers. St. Petersburg, BHV-Petersburg, 2002. - P.58-61 or B. Schneier. Applied cryptography. - M., Izd-vo "Triumph", 2002. - S-280] and electronic devices that carry out this operation at high speed [Diffie W. The first ten years of public-key cryptography // TIER. 1988. T. No. 5. P.67-68]; the operation of raising the number S to a discrete power Z modulo n is denoted as W=S^{Z} mod n, where W is the number resulting from this operation.

11. The Euler function of a natural number n is the number of numbers that are coprime with n and do not exceed n [Vinogradov I.M. Fundamentals of the Theory of Numbers. - M.: Nauka, 1972. - 167 p.; Buchstab A.A. Theory of Numbers. - M.: Education, 1966. - 384 p.].

12. The index q modulo n of a number a that is relatively prime to n is the minimum of the numbers γ for which the condition a^{γ} mod n=1 holds, i.e. q=min{γ_{1}, γ_{2}, ...} [Vinogradov I.M. Fundamentals of the Theory of Numbers. - M.: Nauka, 1972. - 167 p.].

13. A primitive root is a number belonging to an index that is equal to the Euler function of the modulus.

14. The inverse element modulo n of a number a that is relatively prime to n is a natural number, denoted a^{-1}, for which the condition a^{-1}a=1 holds; for any number that is relatively prime to the modulus, an inverse element exists. Efficient algorithms for computing inverse elements are known [Romanets Y., Timofeev P.A., Shangin V.F. Protection of information in computer systems and networks. - M.: Radio and communication. - S-310].

15. The operation of dividing an integer A by an integer B modulo n is performed as the multiplication modulo n of the integer A by the integer B^{-1}, which is the inverse of B modulo n.

1. A method for generating and verifying the authenticity of an electronic digital signature certifying an electronic document, consisting in that a secret key is formed comprising three prime multi-bit binary numbers p, q and γ; a public key is formed that includes at least two multi-bit binary numbers n and α, where α<n; an electronic document represented by a multi-bit binary number H is received; an electronic digital signature Q is formed depending on the value of H and the value of the secret key; first and second check multi-bit binary numbers are formed and compared; and, if their parameters match, a conclusion is drawn about the authenticity of the electronic digital signature; characterized in that the public key is formed to include three multi-bit binary numbers n, α and β, where n=Em+1, E is an even number, m=pq and n is a prime number, α is a number belonging to the index q modulo n, and β is a number belonging to the index γ modulo q, where γ divides the number q-1 evenly and does not divide the number p-1 evenly; the electronic digital signature is formed as two multi-bit binary numbers R and S, i.e. Q=(R, S); the first check multi-bit binary number is then formed depending on Q; an intermediate multi-bit binary number W is generated depending on the multi-bit binary numbers H, R, S, n, m, α and β; and the second check multi-bit binary number is formed by a compressing transformation of the intermediate multi-bit binary number W.

2. The method according to claim 1, characterized in that the first check multi-bit binary number A is formed by subtracting the value of S from the value of R.

3. The method according to claim 1, characterized in that the first check multi-bit binary number A is formed by performing the operation of dividing the value of R by S.

4. The method according to claim 1, characterized in that the intermediate multi-bit binary number W is formed by raising the number α to the power Z modulo n, where Z is a multi-bit binary number calculated by the formula Z=β^{RSH} mod m, or Z=Hβ^{RS} mod m.

5. The method according to claim 1, characterized in that the intermediate multi-bit binary number W is formed by raising the number α to the power Z modulo n, where Z is a multi-bit binary number calculated by the formula Z=β^{RSH} mod m, or Z=Hβ^{RS} mod m, after which the resulting value W is additionally transformed in accordance with the formula W←WH mod n or W←(W+H) mod n, where the sign ← denotes the assignment operation.

6. The method according to claim 1, characterized in that the intermediate multi-bit binary number W is formed by raising the number α to the power Z modulo n, where Z is a multi-bit binary number calculated by the formula Z=β^{RH}Y^{S} mod m, or Z=Hβ^{R}Y^{SH} mod m, where Y=β^{x} mod q and x is an additional multi-bit binary number.

7. The method according to claim 1, characterized in that the compressing transformation of the intermediate multi-bit binary number W is performed by using a hash function.

8. The method according to claim 1, characterized in that the compressing transformation of the intermediate multi-bit binary number W is carried out by taking the remainder of dividing the intermediate multi-bit binary number W by a prime number δ whose length is in the range from 64 to 256 bits.
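The key-structure conditions of claim 1, together with the operations of definitions 10, 12, 14 and 15, can be checked mechanically; the following Python sketch is an added example and is not part of the patent text. The function names, the constructed toy values p=7, q=11, γ=5 and the choice of the smallest even E that makes n prime are assumptions made for illustration.

```python
from math import gcd, isqrt

def is_prime(k):
    """Trial division; adequate for the toy sizes used in this example."""
    return k >= 2 and all(k % d for d in range(2, isqrt(k) + 1))

def multiplicative_order(a, n):
    """Definition 12: the minimal g >= 1 with a^g mod n = 1 (a coprime to n)."""
    if gcd(a, n) != 1:
        raise ValueError("a must be relatively prime to n")
    g, x = 1, a % n
    while x != 1:
        x = x * a % n
        g += 1
    return g

def mod_div(a, b, n):
    """Definition 15: A divided by B modulo n, computed as A * B^{-1} mod n."""
    return a * pow(b, -1, n) % n  # pow(b, -1, n) raises ValueError if B has no inverse

def element_of_order(r, prime_modulus):
    """Find an element of prime order r modulo a prime, where r divides prime_modulus - 1."""
    for g in range(2, prime_modulus):
        c = pow(g, (prime_modulus - 1) // r, prime_modulus)  # definition 10
        if c != 1:  # c^r = 1 and c != 1, so the order is exactly the prime r
            return c
    raise ValueError("no element of the requested order")

def secret_key_violations(p, q, gamma):
    """List which secret-key conditions of claim 1 are violated (empty list = valid)."""
    problems = [f"{name} is not prime"
                for name, v in (("p", p), ("q", q), ("gamma", gamma))
                if not is_prime(v)]
    if (q - 1) % gamma != 0:
        problems.append("gamma does not divide q-1")
    if (p - 1) % gamma == 0:
        problems.append("gamma divides p-1")
    return problems

def build_public_key(p, q, gamma):
    """Form (n, alpha, beta) with n = E*m + 1 prime, m = p*q, E even."""
    problems = secret_key_violations(p, q, gamma)
    if problems:
        raise ValueError("; ".join(problems))
    m = p * q
    E = 2
    while not is_prime(E * m + 1):  # assumption: take the smallest suitable even E
        E += 2
    n = E * m + 1
    alpha = element_of_order(q, n)     # alpha belongs to the index q modulo n
    beta = element_of_order(gamma, q)  # beta belongs to the index gamma modulo q
    return n, alpha, beta

def public_key_consistent(p, q, gamma, n, alpha, beta):
    """Re-check every relation claim 1 states between the secret and public key."""
    m = p * q
    return (is_prime(n) and (n - 1) % m == 0 and ((n - 1) // m) % 2 == 0
            and alpha < n
            and multiplicative_order(alpha, n) == q
            and multiplicative_order(beta, q) == gamma)

if __name__ == "__main__":
    p, q, gamma = 7, 11, 5  # constructed toy secret key
    n, alpha, beta = build_public_key(p, q, gamma)
    print("n =", n, "alpha =", alpha, "beta =", beta)
    print("consistent:", public_key_consistent(p, q, gamma, n, alpha, beta))
```
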

**Same patents:**

FIELD: technological processes.

SUBSTANCE: invention is related to the sphere of electrical communication, namely to the sphere of cryptographic devices and methods of electronic digital signature (EDS) check. In the method the secret key (SK) is formed, which includes three many-digit binary numbers (MDN) p, q and γ, where p, q are prime numbers and γ is composite number. The open key (OK) is formed in the form of two many-digit binary numbers n and α, where n = pq and α - number, which is related to index q by module n. Electronic document (ED) is accepted in the form of many-digit binary number H. Electronic digital signature (EDS) Q is formed depending on values of SK, OK and many-digit binary number H. The first checking many-digit binary number A is formed depending on Q. The intermediate many-digit binary number W is generated depending on OK and many-digit binary number H. The second checking many-digit binary number B is formed depending on W, and numbers A and B are compared. In case parameters of A and B numbers match, conclusion is drawn about authenticity of electronic digital signature.

EFFECT: reduces size of electronic digital signature without reduction of its resistance level.

10 cl, 6 ex

FIELD: digital rights control system.

SUBSTANCE: system contains first user device designed for query message setup and transfer, indicating transaction to be run in relation to digital content of at least one object of digital rights (OR), rights issuer aimed to receive query message from first user device, to identify transaction and to process this transaction and to provide access rights to digital content conjointly with server for second user device designed to receive information on stated access right concession. Receipt by the second user device of the mentioned information on the digital content access right concession is confirmation of the execution of this right for the second user device. Method describes operation of mentioned system.

EFFECT: ability of authorized user to transfer partially used or unused object of right to another user and return of OR.

49 cl, 15 dwg, 2 tbl

FIELD: portable electronic devices.

SUBSTANCE: portable electronic device includes memory to store a secret code in the form of pre-defined character sequence; rotating device with touch surface providing for user tactile impact and installed in such a manner as to provide for rotation around its axis; feedback tools separated from the rotating device to provide for feedback to user when turning the rotating device; conversion tool to convert each turn in sequence of turns of the rotating device to a character of corresponding ordered test character sequence, and verification tool to verify the test character sequence by comparing it with pre-defined character sequence.

EFFECT: user convenience during input of test character sequence along with provision of security and restriction of access to the device or to its individual functions.

33 cl, 7 dwg

FIELD: cryptography.

SUBSTANCE: in accordance to the method, cryptographic module is provided with two types of data, which may be received even from a communication partner who is not cryptographically reliable, and which either remain in cryptographic module, or are connected to the document. The information, which remains in cryptographic module, is used to protect the information in the document by generation of a check value, and information which is transferred to document, is used to confirm the fact that the document is protected by a cryptographic module, during the check of document authenticity in a control device.

EFFECT: the contact between cryptographically reliable contact device and document creator is realized directly.

2 cl, 3 dwg

FIELD: infrastructure of public keys (PKI), namely, registration and activation of PKI functions in infrastructures of public keys in SIM-cards.

SUBSTANCE: in accordance to the method, reference code and corresponding activation code are recorded in a table at protection server integrated in PKI or connected to PKI. The user inputs reference code or number in record form together with his personal data, after that the form is sent to PKI and to protection server. After registration is confirmed from the side of PKI, the confirmation information is transmitted to user and supplemented with a request to input activation code at user terminal. Simultaneously, the activation code associated with reference code in the table and identification data of smart-card of user are transmitted to activation module in PKI, then activation code together with identification data of smart-card is transmitted from terminal to activation module and on receipt thereof the activation module determines whether the data coincides with activation code and identification data, provided in advance by protection server, and in case they do, the module performs command of activation of PKI-component of smart-card.

EFFECT: reduced processing time.

13 cl

FIELD: methods and system for processing visualized digital information.

SUBSTANCE: the system for protecting visualized digital data contains a set of computing devices, where at least one of them is the main device, and at least another one is a remote computing device, where each one of aforementioned devices contains one or more processing components, configured for usage in data processing chain, consisting of components for processing protected information, subject to visualization for user, individual processing components which support one or more of such interfaces, such as authentication interface and intermediary authentication interface, where the intermediary authentication interface ensures reading of authentication identifiers and recording of authentication identifiers, and authentication identifier uses for each one of one or more lists for checking each component in each one of aforementioned one or more lists, to determine authorized components, where an authorized component may receive non-encrypted data. Methods describe operation of the system.

EFFECT: protection from unsanctioned access or duplication of unprotected information immediately after that information reaches visualization device, such as a user computer.

20 cl, 8 dwg

FIELD: online transactions.

SUBSTANCE: method for conducting an online transaction includes providing a transaction manager. Single use transaction request identification is generated, transaction manager compares transaction request identification to banking information of registered user. Registered user is provided with transaction request identification, registered user requests purchase of product or service from a merchant, where purchase requests includes providing transaction request identification to the merchant. The merchant dispatches a request to transaction manager for payment by money transfer from user to merchant, where payment request includes identification of transaction request and cost; check by transaction manager of trustworthiness of transaction request identification; and, if transaction request information is trustworthy, request for electronic transfer of money is dispatched to financial institution to transfer a sum of money from user account to another account; it is checked, whether sufficient sum of money is available on banking account of user, and, if sufficient amount is available, the financial institution conducts the transfer according to banking information; and transaction manager receives confirmation about transaction from financial institution and dispatches a confirmation to the merchant.

EFFECT: increased efficiency.

5 cl, 16 dwg

FIELD: protocols for interaction of peer entities of network structure and, in particular, concerns protective infrastructures for protocols of interaction of peer entities.

SUBSTANCE: methods are provided, which suppress capability of malicious node to disrupt normal operation of peer-to-peer network. Claimed methods allow nodes to use both protected and unprotected data about identity, ensuring self-check thereof. When necessary or convenient, association of ID is checked by "enclosing" a trustworthiness checking procedure into appropriate messages. Probability of connection to malicious node is initially reduced due to random selection of node with which connection is established. Also, information from malicious nodes is identified and may be discarded by recording information about previous connections, which will require a response in the future.

EFFECT: creation of protection infrastructure for a system with peer-to-peer network structure.

4 cl, 6 dwg

FIELD: communications engineering, possible use for checking protection of message (Msg), which is transmitted and received in electronic form.

SUBSTANCE: in accordance to the invention method contains stages at transmitting side, at which unambiguous message identifier is associated with message (ID_{Msg}) and control identifier (ID_{CONTR}) of identification code of message owner, which is received by applying encoding (12), connected to owner of transmitted message, to unambiguous message identifier (ID_{Msg}). At receiving side method contains stages, at which fact of presence or absence of already received message with the same associated unambiguous message identifier (ID_{Msg}) is checked and transmitted by means of signal, and match is determined between unambiguous message identifier (ID_{Msg}), associated with received message, and result (ID_{DCONTR}) of decoding of user name of control (ID_{CONTR}).

EFFECT: ensured control of protection of message which is transmitted and received in electronic form.

3 cl, 3 dwg

FIELD: computer networks.

SUBSTANCE: in accordance to the invention, in home computer network, formed with presence of controlling devices and control station, device for notifying control station about operation state of digital rights management relatively to control device includes: DRM module, which executes digital rights management; module for generating status variables, which receives information about operation condition of DRM from DRM module, which indicates condition of current active DRM process, and on basis of received DRM status information generates DRM status variables; and module for universal detection and auto-adjustment of devices (uPnP), which, using uPnP protocol, transmits generated status variables to control station.

EFFECT: recognition of operation state of digital rights management (DRM) process in DRM system, which uses universal protocol (uPnP) for recognition and auto-adjustment of devices.

2 cl, 7 dwg

FIELD: information protection.

SUBSTANCE: method for transferring messages while providing for confidentiality of identification signs of communication system objects with interaction of devices of communication system subscribers through central device for each communication session cryptographic conversion of subscriber device identifier is performed using encryption key of current subscriber device, while during said cryptographic conversion symmetrical cryptographic algorithm is used and two message transfer modes are taken in consideration, on initiative from subscriber device to central device and vice versa.

EFFECT: protection from unsanctioned access to identifiers of devices of system subscribers transferred via communication channels, in particular when providing for confidentiality of messages identification signs in communications systems with multiple subscriber devices.

6 dwg

FIELD: computer science.

SUBSTANCE: previously for sender and receiver a binary series of digital watermark k-bit long is formed as well as binary series of secret key, message is certified at sender side using binary series of digital watermark and secret key, certified message is sent to receiver, where authenticity of received message is checked using binary series of digital watermark and secret key.

EFFECT: higher reliability, higher efficiency.

4 cl, 5 dwg

FIELD: mobile communications.

SUBSTANCE: server generates one-time activation code, sends it to user via intellectual card in cell phone and when user inputs an activation code in his cell phone, inputted code is transmitted to server for verification, in case of positive result server sends a command to phone to provide for access, which opens access to appropriate set of functions of intellectual card, while portion of functions can contain, for example, PKI-functions, which were concealed and inaccessible for user until said moment, after that user can select his own PIN-code for authentication, encoding and signature for transactions, and, concerning activation of PKI functions, generation of necessary secret and open keys, and also necessary certification are carried out after verification of activation code.

EFFECT: higher efficiency, broader functional capabilities.

1 cl, 1 dwg

FIELD: computer science.

SUBSTANCE: system has center of certification, forming and distribution of keys, at least one user device and at least one distributed data processing server. Method describes operation of said system. Subsystem for forming open keys contains memory block for tables of secret substitutions of columns and rows of secret keys tables, memory block for table of symmetric substitution of columns and rows of external key table, register for sequence of transitive connection between rows of secret substitutions tables, block for logical output on sequence of transitive dependence, memory block for table of relative non-secret substitution of columns and rows of external key table, open key register, input commutation block and control block.

EFFECT: higher efficiency, broader functional capabilities.

5 cl, 15 dwg

FIELD: mobile communications.

SUBSTANCE: protection means has key module and blocking module. Mobile communication system has protection means and communication port. Method describes operation of said protection means and mobile device.

EFFECT: broader functional capabilities.

3 cl, 5 dwg

FIELD: electrical communications.

SUBSTANCE: proposed method that can be used in attack detection systems for on-line detection and blocking of unauthorized attacks in computer systems including Internet involves presetting of list of authorized connections as aggregate of reference connection identifiers, introduction of factor of urgency of reference authorized-connection identifiers and list of names of authorized processes, generation of list of unauthorized connections received in the course of checkup due to introduction of maximal admissible quantity of any of probable unauthorized connections, and their counting.

EFFECT: enhanced reliability of identifying unauthorized attacks in computer networks.

1 cl, 8 dwg

FIELD: systems and method for controlling transfer of keys for decoding or access to encoded information.

SUBSTANCE: each one of variants of information protection systems for controlling access to protected information has hardware means for storing at least one data element, including decoding key and appropriate information protection code, while information protection code sets number of operations of passage of decoding key, and first user, connected to encoded information, can determine through information protection code, whether second user can transfer code for information protection to third user, while number of generation of data is requested each time after receipt of query for transferring decoding key to another user and is decreased for one unit for each request, and as soon as it reaches zero, system denies all further requests.

EFFECT: improved level of information protection.

3 cl, 6 dwg

FIELD: engineering of object access means.

SUBSTANCE: device has saved standard, containing fingerprint of authorized user, combined with verification code. In case of match between fingerprint of authorized user with one stored in memory, verification code is generated. Device activated by key periodically transmits an identifier, on receipt by access device of identifier, matching one of identifiers stored in memory, appropriate access key is extracted and sent to device activated by key to allow access to user.

EFFECT: high level of protection from unauthorized access.

3 cl, 2 dwg

FIELD: radio engineering, in particular, authentication method for stationary regional wireless broadband access systems, possible use, for example, for protecting transferred data in stationary regional broadband access systems.

SUBSTANCE: in accordance to method, two main procedures are performed - authentication of client station and, also, authentication of base station.

EFFECT: increased protection level of transmitted data in stationary wireless broadband access systems.

4 cl, 6 dwg

FIELD: technology for checking authentication and authorization.

SUBSTANCE: method for checking rights of user of end telecommunication device for using a service, while device for accessing telecommunication network receives at least one certificate and identification data from telecommunication end device, after that network control device together with certification device checks, whether certificate, confirming identification data, is valid and whether it has positive status, whether additional privileges are given by additional certificates, and if that is so, then secret data is transferred to access device (session key), which are also transferred to telecommunication end device in form, encrypted by at least an open key, and access device provides free access by taking a decision, appropriate for rights of user of telecommunication network.

EFFECT: simple and efficient authentication and authorization of users for certain services or transactions, performed via telecommunication network.

11 cl, 1 dwg