Method and apparatus for pseudonym generation and authentication

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to protection of user information from unauthorised access using a pseudonym and can be used in electronic medical systems. The method and apparatus for generating and authenticating a pseudonym are intended for protecting user information from unauthorised access. The method comprises steps of: determining a set of public parameters and a set of private parameters; receiving a user identifier ID_user from a user device; generating a prime pseudonym based on the determined set of private parameters and the ID_user; and transmitting the prime pseudonym P_prime and the set of public parameters to the user device. A Personal Identity Manager (PIM) includes a unit for determining a set of public parameters and a set of private parameters, a unit for receiving a user identifier ID_user, a unit for generating a prime pseudonym and a unit for transmitting the prime pseudonym to the user device.

EFFECT: high information security of electronic systems.

26 cl, 7 dwg

The technical field to which the invention relates.

The invention generally relates to a method and device to protect user information from unauthorized access and, in particular, to a method and device to protect user information from unauthorized access using the alias.

The level of technology

With the development of electronic technology, electronic medical system is widespread in modern medical facilities to store and manage personal information and medical documentation (e.g., outpatient cards, test results and other) users (e.g. patients). However, electronic documents susceptible to theft or diversion. Accordingly, the issue of protection of modern electronic medical systems acquires special importance.

To improve the security of electronic medical systems proposed two methods to protect user information from unauthorized access: anonymization and pseudonymization. The goal of anonymization is to eliminate the connection between the real user ID and health documentation. In other words, according to the method of anonymization, no individual user information is not recorded, and stored only health is documentation. According to this method of anonymization, the user cannot be tracked by the health records and information of the user can be protected from unauthorized access. How pseudonymization was developed on the basis of the method of anonymization. According to the method of pseudonymization, the relationship between the real user ID and health documentation is eliminated, and establishes the correspondence between the medical documentation user and one or more of its aliases. Accordingly, the method of pseudonymization protects individual information of the user, as well as the ability to monitor his health records.

Figure 1 shows the modern mechanism of pseudonymization developed Healthcare Information Technology Standards Panel (HITSP). According to figure 1, when the user U100 comes to the hospital, he first of all sets the ID of theID_useruser, which is his real ID, medical system D110 hospital at step S110. At step S120, the medical system D110 sendsID_userManager D120 cross-referenced with the identity of the person (PIX). At step S130, the PIX Manager D120 storesID_userand asks the server D140 alias generation of alias to assign to the alias user is th at step S140. At step S150, the server D140 aliases generates aliasP_pseufor user in response to the request, at step S160, the server D140 alias returns the generated aliasP_pseuthe PIX Manager D120. At step S170, the PIX Manager D120 preserves the nicknameP_pseuin one to one correspondence with theID_userand, at step S180, returns medical system D110 certificate alias that contains the aliasP_pseu. Then the medical system D110 hospital registers the certificate alias in step S190, and returns it to the user U100 at step S195. Thus, the user U100 can be diagnosed or treated for assigned alias in the hospital, and his health records will be written under a pseudonym. Alternatively, the hospital may, if desired, to get the real user ID of the Manager PIX D120 using this certificate alias that allows tracking.

Unfortunately, modern way of pseudonymization shown in figure 1, has several disadvantages.

First, for security reasons, to protect information from unauthorized access and other things or for the reason that the user may lose previously generated alias, he may request the generation of a new alias every time the entry is Institute in the hospital or even to request the generation of several different new aliases for the diagnosis and/or treatment of various diseases in the same hospital. In this case, the server D140 aliases shown in figure 1 must often generate aliases for the user, which increases the workload on the server alias. In this case, the PIX Manager must maintain the correspondence between the real user ID and a large number of aliases. Thus, the PIM must have a database of a large volume, which leads to higher server.

Secondly, the provision of services pseudonymization has a regional restriction, i.e. local server aliases Manager identification can provide services pseudonymization only medical systems in local hospitals within their service area or medical systems, using the same mechanism services pseudonymization. In other words, if the medical system generates an alias for a user, the medical system in different regions or with different mechanisms of pseudonymization cannot identify an alias for the same user. Every time the user moves from one region to another, a new region, it is necessary, therefore, to disclose your real ID PIM in this new region for alias in force in this new region, and then use this alias for treatment in the hospital. This being the more users a great inconvenience.

Thirdly, in some cases, based on trust, the user wishes to disclose your real ID only local PIM, whom he trusts, but not PIM in another, unfamiliar region. In this aspect of the modern way of pseudonymization can be applied only in a very limited region.

Thus, it is necessary to provide improved method and apparatus for generation and authentication alias that allows the user to easily and safely use interregional medical care.

Objective and summary of the invention

The objective of the invention is the provision of a method and device for generating and authentication alias that allows inter-regional identity.

Another object of the invention is the provision of a method and device for generating and authentication alias that allows you to reduce the workload of the server.

To solve the above-mentioned objectives, the invention provides a method of generating alias Manager personal identity Manager (PIM). The method comprises the steps are: define the set of public parameters and the set personal options; take the ID of theID_useruser from the user device; generate primary aliason the basis of the Oprah is Lenogo set personal options and ID_userwhereH₁a one - way hash function, ∂ is a random number selected from theZ_pandp- selected Prime number; and transmit the primary aliasP_primeand a set of public parameters to the user device.

This method allows you to tell the user only the primary alias once, when he makes the initial registration using PIM. Not often required to generate the set of aliases for the same user. Thus, this method can reduce the workload PIM.

To solve the above-mentioned objectives, the invention provides a method of generating an alias on the user device. The method comprises steps in which: pass the ID of theID_useruser Manager personal identification (PIM); PIM accept a set of public parameters and the primary aliasP_primecorresponding toID_user; and select at least two of the random parameter, and generate podesignedP_pseuon the basis of at least two random parameters, the set of public parameters and primary aliasP_prime.

According to this method, the user device may generate podesigned on the basis of primary alias, obtained from the PIM. Cu is IU, because podesigned generated using at least two random parameters, the generated podesigned very well hides information about the primary alias, and between many of the generated podeshevleniyu there is no relationship. Even in the case of interception of one or more podeshevleniyu, the interceptor will not be able to extract the primary user alias from intercepted podeshevleniyu. Thus, the mechanism of generation of aliases has a high level of protection.

To solve the aforesaid problems, the invention provides a method of authentication alias for a third party device. The method comprises steps in which: receive from the user device podesignedP_pseuand IDID_serverto identify a Manager's personal identity Manager (PIM); receive from the PIM set of public parameters based on the ID of theID_server; and authenticate the authentication of podesavanjimaP_pseuby interacting with the user device based on the set of public parameters.

According to this method, any third-party device-dependent or not dependent PIM can authenticate the authentication of podesavanjima received from the user device, by interacting with elizavetenskiy device based on the set of public parameters, received from the PIM. Thus, the use of podesavanjima no longer confined to any specific region. According to the above described way the medical system in the hospital in any region can identify podesigned user and can then track his real ID, using the appropriate PIM, which assigns a primary alias.

According to another aspect of the invention provides a Manager's personal identity Manager (PIM), PIM contains: definition block, adapted to determine a set of public parameters and a set of personal parameters; a reception unit adapted to receive the ID of theID_useruser; a generation unit adapted to generate a primary aliason the basis of the set personal options andID_userwhereH₁a one - way hash function, ∂ is a random number selected from theZ_pandp- selected Prime number; and a transmission unit adapted to transmit the primary aliasP_primeon the user's device.

According to another aspect of the invention provides a user device, the user device includes: a transmission unit adapted to transmit the ID of theID_userthe user is referred to the Manager of personal identity Manager (PIM); a reception unit adapted to receive a set of public parameters and the primary aliasP_primecorresponding toID_userfrom PIM; and a generation unit adapted to select at least two random parameter and generate podesignedP_pseuon the basis of at least two random settings, open settings and primary aliasP_prime.

According to another aspect of the invention is provided by a third-party device, which the user can request the service, with a third-party device comprises: a reception unit adapted to receive from the user device podesignedP_pseuand IDID_serverto identify a Manager's personal identity Manager (PIM); a transmission unit adapted to transmit the information to a user device; a receiving unit adapted to receive a set of public parameters from the PIM based on the ID of theID_server; and an authentication unit adapted to authenticate the authentication of podesavanjimaP_pseuby interacting with the user device via the transmission unit and the reception unit on the basis of the set of public parameters.

Other tasks and implementation, as well as a more complete understanding of the invention and will be readily available from the clarified with reference to the following description and claims, given in conjunction with the attached drawings.

Brief description of drawings

The invention will be described in more detail below, by way of example, with reference to the accompanying drawings, where:

figure 1 - illustrative logical block diagram of a modern way of pseudonymization;

figure 2 is a logical block diagram of the method of generation and authentication alias according to a variant embodiment of the invention;

figure 3 is a logical block diagram of the authentication method of podesavanjima according to a variant embodiment of the invention;

4 is a message exchanged between different objects according to the method of generation and authentication alias according to a variant embodiment of the invention;

figure 5 - configuration Manager identification according to a variant embodiment of the invention;

6 is a configuration of a user device according to a variant embodiment of the invention; and

Fig.7 - configuration of the other device according to a variant embodiment of the invention.

In the drawings, the same legend indicate similar or corresponding features or functions.

Description of embodiments

The medical system will be considered as an example to describe the method and device for generating and authentication alias according to a variant implementation of the Britania. However, the specialist in the art it is obvious that the method and apparatus for generation and authentication alias that meets the invention is not limited to use in the hospital, but also applicable in other areas where you want to protect the real identity of the user. For example, the method and apparatus for generation and authentication alias can also be used in the field of e-Commerce to deliver e-books, etc.

Figure 2 shows the method of generating and authentication alias according to a variant embodiment of the invention. In contrast to figure 1, the method shown in figure 2, involves the participation of three objects: the medical system D210 for use in the hospital, Manager personal identification (PIM) D220 and the user device D230.

According to figure 2, the medical system D210 is a management system that is deployed in a hospital, adapted to manage health documentation and other users and store it. PIM D220 is a server adapted to manage the real user ID and store it. According to a variant implementation, shown in figure 2, the PIM D220 feature a selection of aliases, and can generate a unique primary aliasP_primefor a registered user. However, according to the image is the shadow of the primary alias is not limited to use in the hospital. Alternative, the highlighting feature of aliases can be implemented in a device independent from the PIM D220. For example, HITSP, shown in figure 1, the PIX Manager can save the real user ID and manage it, while the server alias, you can implement the function selection of the primary alias. For system HITSP, PIM D220 shown in figure 2, may, therefore, correspond to the combination of PIX Manager and server alias.

The user device D230 figure 2 may represent any device with processing capabilities, such as mobile phone, personal digital assistant (PDA), a laptop, a smart card, and so forth, additionally adapted to automatically generate one or more podeshevleniyuP_pseuon the basis of primary aliasP_primegenerated by the PIM D220. PodesavanjimaP_pseurecorded in the medical system D210 upon receipt of the user in the hospital. Generating function of podeshevleniyu user device D230, for example, can be implemented in application software loaded on the user device 20, or in functional hardware module that can connect to a user device.

The operation of the method of generation and authentication alias according to Varian is the embodiment of the invention is described with reference to figure 2. According to a variant implementation, shown in figure 2, the method of generation and authentication alias according to the invention can be divided into five phases: phase installation (S210), the phase register primary alias (S230), the phase generation podesavanjima (S250), the phase authentication podesavanjima (S270), and phase tracking of the user ID (S290). However, the specialist in the art it is obvious that the invention is not limited to this embodiment. On the contrary, some stages (for example, the phase tracking user ID) according to a variant implementation is possible, if desired, be omitted, or some steps may be interspersed with each other. The specific operation of the five phases will be described with reference to figure 2.

Installation

The method of generation and authentication alias, as shown in figure 2, proposed on the basis of the encryption method, based on the identity (IBE). In the initial phase of installation S210, the PIM D220 defines a set of public parameters and a set of personal parameters used for the generation and authentication alias on the basis of the method IBE.

At step S211, the PIM D220 selects the basic parameters. In particular, the PIM D220 first selects two Prime numberspandqand selects a random number ∂Z_pfrom the field of integers modp(i.e. theZ_p). the ATEM PIM D220 selects two groups of order q modulo p, G₁andG₂in other words, each selected group ofG₁andG₂hasqfinite elements, and theG₁orG₂is a subset of theZ_p. PIM D220 also chooses bilinear mappingê:G₁×G₁→G₂for use betweenG₁andG₂. Here, the bilinear mappingê:G₁×G₁→G₂means: for all P,QG₁,ê(P,Q) is a member of the groupG₂i.e. theê(P,Q)G₂; and for anya,bZ_p,ê(a_P,b_Q)=ê(P,Q)^ab. Then PIM D220 picks a random generatorgG₁from the groupG₁and selects two irreversible hash functionH₁andH₂. Two hash functions can satisfy the conditions of theH₁:{0,1}^*→G₁andH₂:G₂→{0,1}^*. In other words,H₁this is the first irreversible hash function, which maps a sequence of 0 and 1 arbitrary length (e.g., representing a string of characters) in the group elementG₁andH₂this is the second irreversible hash function, which displays the item group<> G₂in the sequence of 0 and 1 arbitrary length.

Selecting the above-mentioned basic parameters, at step S213, the PIM D220 chooses {g,g^∂,G₁,G₂,ê,H₂,p} from the above-mentioned parameters for the generation of the set of public parameters and selects ∂ H₁as the set personal options. In this case, the set of public parameters {g,g^∂,G₁,G₂,ê,H₂,p} published that allows any other device to retrieve a set of public parameters from the PIM D220. In this case, the set personal options {∂,H₁} equipped with personal protection that allows you to safely generate primary aliasP_primefor the user, when the user performs the registration.

Check

Prior to the first admission, the user may, at its option, to register with a trusted local PIM D220 phase registration S230 to obtain the primary alias.

In particular, at step S231, the user can send the ID of theID_useruser, which is his real ID, the PIM D220 in the registration request using the user device D230 (PDAs), which he carries with him. At step S233, the PIM D220 preservesID_userin the data the x identify the user and generates a primary alias on the basis ofID_userand a predefined set of personal parameters {∂,H₁}. The primary alias is a binary group, one member of which is a first hash value calculated by applying a personal first irreversible hash functionH₁toID_userand another member is the first hash value to the extent ∂. Then, at step S235, the PIM D220 sends the generated primary aliasP_primetogether with the set of public parameters to the user device D230 as a response indicating successful registration. At step S237, the user device D230 preserves the primary aliasP_primeand a set of public parameters, so that in the future, if you wish, you can generate the appropriate podesigned. The registration process ends.

Generation podesavanjima

According to a variant implementation, shown in figure 2, to the PIM D220 not often had to generate aliases for a user, the primary aliasP_primegenerated by the PIM D220, in fact, not used in the hospital. In contrast, the phase S250, each time the user arrives at the hospital, the user device D230 independently generates at least one podesigned on the basis of primary SS is danima P_primereceived from the PIM D220.

In particular, at step S251, the user device D230 selects, for example, two random numbersk₁,k₂Z_pfrom theZ_pon the basis of the stored set of public parameters. Then, at step S253, the user device D230 generates podesigned on the basis of two selected random number of the set of public parameters and primary aliasP_prime. At this stage, the user device D230 can first calculate the following parameters:

;

where,

where- the inverse of the random numberk₂i.e..

Then the user device D230 generates podesignedP_pseu= <Q_A,Q_B,c_A>that contains three members, on the basis of the above calculated parameters.

On the above steps S251~S253, the user device D230 can generate different podesavanjima, choosing different random numberk₁,k₂Z_p. In this case, information about the primary alias without the safe hidden in podesavanjima, as for the generation of podesavanjima a random number is usedk₁,k₂Z_p. Others will be difficult to calculate information about the primary alias by reverse calculation based on the stolen podesavanjima. In addition, sincek₁andk₂are randomly selected among several podesavanjima generated by the same user device D230, will not be related characteristics. Thus, even in case of theft of podeshevleniyu generated by the user device D230, on the basis of these podeshevleniyu not have a primary alias that PIM has assigned to the user device. Thus, the user can safely use generated for him podesigned.

In addition, although in this embodiment, to generate podesavanjima uses two random numbers, a specialist in the art it is obvious that you can generate podesigned on the basis of more than two random parameters in a well-calculated design. Thus, the invention is not limited to two random numbers that are listed in this variant implementation.

Authentication podesavanjima

Each time the user arrives at the hospital, the n uses the generated podesigned for registration in the medical system and hospitals. Phase S270, the medical system D210 hospital first authenticates the authentication of podesavanjima provided by the user device D230, i.e. authenticates generated if podesigned on the basis of primary alias that PIM has assigned to the user to ensure that the real user ID can be monitored with the appropriate PIM.

According to figure 2, the authentication process begins with step S271. On the stage 271 user device D230 sends medical system D210 generated them podesignedP_pseu= <Q_A,Q_B,c_A>and the ID of theID_serverlocal PIM D220 (for example, the name or address of the PIM D220). At step S272, the medical system D210 receives a set of public parameters {g,g^∂,G₁,G₂,ê,H₂,p} from the corresponding PIM D220 on the basis ofID_server. Receiving a set of public parameters, the medical system D210 can authenticate the authentication of podesavanjima provided by the user device D230, by interacting with the user device at step S273.

The authentication process at step 273 can be implemented in various ways. For example, when the user fully trusts the medical system D10 (for example, local medical system, medical system D210 can take the primary alias from the user device D230. Receiving primary alias from the user device D230, the medical system D210 can authenticate that podesigned generated in accordance with the primary alias, and that the primary alias assigned by the Manager D220 personal identity Manager (PIM), identified byID_serveron the basis of primary alias and podesavanjima provided by the user. More preferably, in step S273, the medical system D210 can authenticate podesigned through the exchange without evidence of information transmission from the user device D230. Because the user device D230 is not required to disclose information about his primary alias of the medical system D210 in the process of exchange without evidence of information transmission, the method provides a higher level of protection. The exchange of evidence without information transfer can also be implemented in various ways. Figure 3 shows one implementation.

According to figure 3, at step S373, the medical system D210 chooses a random numbertfrom theZ_pon the basis of the parameterpin the set of public parameters, i.e. thetZ_p. If it is, the medical system D210 can randomly choose the source session keyK_sesand the content ofN_aquery. ContentN_athe request may be a random number or a random string represented by a sequence of 0 and 1. Selecting the parameters, the medical system D210 can generate a request message that contains three members, based on the selected parameterst,K_sesandN_a,gandH₂in the set of public parameters, and accepted podesavanjimaP_pseu= <Q_A,Q_B,c_A> at step S374:

,

whereO_B=ê(g^∂,Q_A).

In this request message, the first member of theg^tcarries information about random numbertthe second memberequivalent encrypted session key, and the third member of theEnc(K_ses,N_a) expresses the encrypted content obtained by encrypting contentN_aasking for a source session keyK_ses. Then, at step S375, the medical system D210 sends a request message to the user device D230 and waits for a response from the user device D230.

On stage S376a, accepting the request message, the user device D230 computes the session keyK*_{ses from the request message according to the following equation:}

_{wheredenotes the exclusive OR operation.}

_{From the above equation it follows that the memberin the right side of the equation represents the encrypted session key included in the request message, and a member of thein the right part of the equation is the supporting member generated by the user device D230 on the basis of primary alias of the set of public parameters and request messages. If the user device D230 stored primary aliasPprimeassigned by the Manager D220 personal identity Manager (PIM), i.e. storedthen the bilinear mappingêin the set of public parameters has the property that the result isin the above equation is exactly equal to 0. Then the encrypted member of the H2(OB^tcA^t) the session key can be deleted to obtain the source session keyKsesi.e. theK*ses=Kses. Then, at the stage S376b encrypted contentEnc(Kses,Na) decrypts the calculated session keyK*sesto obtain a decrypted contentNa*. If CEA is savy key K*ses=Ksesreceived correctly at the stage S376a, the decrypted content can correctly decrypt on stage S376b asNa*=Na. After that, the stage S376c, the user device D230 selects contentNbresponse corresponding to the decrypted contentNa*according to a predetermined rule, agreed in advance with the medical system D210 hospital. In this embodiment, a predetermined rule may be expressed, for example, in the form ofNb=Na*+1. Of course, a predetermined rule is not limited to this case. Selecting the content of the response, the user device D230 can encrypt the content ofNbanswer calculatedK*seson stage S376d for receiving response messagesEnc(K*ses,Nb). At step 377 user device D230 sends a response messageEnc(K*ses,Nbmedical system D210 hospital in response to the request message.}

At step S378, after receiving the response message, the medical system D210 decrypts the received response messageEnc(K*_ses,N_b) the original keyK_sesto obtain a decrypted contentN_b*answer. At step S379, the medical system D210 determines whether the above-mentioned sarane the specific rule between the decrypted content N_b*answer and original contentN_a. For example, in this embodiment, the medical system D210 determines whetherN_b*=N_a+1. As described above, if the user device D230 can correctly calculate the initial session key, i.e. theK*_ses=K_ses, the medical system D210 can correctly decrypt theN_b*=N_b=N_a+1 the original session keyK_ses.In other words, between the decrypted contentN_b*response contentN_athe request followed a predetermined rule. If at step S379 is determined that a predetermined rule between the content ofN_b*response contentN_arequest is observed, this means that podesigned user device D230 is genuine. Equivalently, it is confirmed that podesigned generated on the basis of primary alias assigned by the Manager of personal identity Manager (PIM), identified byID_server.

Due to the above-described authentication, if podesigned authenticated as genuine, the user successfully registers in the medical system D210. Then he can come to the hospital with podesavanjima, and his health document, the information may be stored and operated under the name podesavanjima P_pseu= <Q_A,Q_B,c_A>.

In the above-described authentication process podesigned user device D230, the authenticity of which is subject to authentication, must satisfy the pre-condition, namely that the user device D230 received information about the primary aliasassigned to the PIM D220. Since the set of personal parameters ∂ H₁here is personal, and the first hash functionH₁is irreversible, unauthorized users cannot restore the primary aliason the basis of podesavanjima and the set of public parameters, not knowing ∂ H₁. Thus, the authentication result obtained by the exchange of evidence do not transmit the information on the steps S373~S379, reliable and safe.

According to figure 2, the authentication process is performed between the medical system D210 and the user device D230. PIM D220 not involved in authentication and only provides a set of public parameters, the medical system D210. Regardless of whether the medical system D210 in the region PIM authentication of podesavanjima received by the user, it is possible, therefore, to authenticate provided that the medical system D21 can get a set of public parameters, published PIM D220, for example, in the network. According to a variant implementation, shown in figure 3, the medical system D210 hospital may, therefore, act as a third-party device in any region regardless of the PIM. Accordingly, the method of generation and authentication alias, as shown in figure 2, allows the user to safely use the interregional service alias.

Although podesigned, provided the user device D230, authenticates the medical system D210 according to a variant implementation, shown in figure 2, the invention is not limited to this case. Alternatively, the authentication process can be implemented in the PIM D220. In this case, the user device D230 can send podesignedP_pseu=<Q_A,Q_B,c_A> on the PIM D220. Then PIM D220 interacts with the user device D230 for authentication podesavanjima. Because PIM D220 knows all personal settings, user device D230 can authenticate telling your primary alias Manager D220 personal identity Manager (PIM). Alternatively, authentication may be carried out through the exchange of evidence without transferring information between the PIM D220 and the user device D220.

Tracking user ID</>

According to figure 2, after podesigned, provided the user device D230, authenticated as genuine, as described above, the user can use various medical services in the hospital under the name podesavanjima. However, in some cases, the medical system D210 hospitals may wish to obtain a real IDID_useruser (phase S290).

When you want the real user ID, the medical system D210 sends podesignedP_pseu=<Q_A,Q_B,c_A>provided by the user device D230, PIM D220 at step S291 according to a variant implementation, shown in figure 2. Then, at step S293, the PIM D220 calculates the parameter Ver =ê(g^∂,Q_A)c_Arequest corresponding to podeshevleniyu, on the basis of podesavanjimaP_pseu= <Q_A,Q_B,c_A> and g^∂in the set of public parameters. Then, at step S295, the PIM D220 searches in the database, whereID_userwith option Ver =ê(g^∂,Q_A)c_Aquery. For example, for eachID_userin the database, PIM D220 checks whether there is aID'_usersatisfying the following equation.

If it is determined thatI' _usersatisfies the above equation with the parameterVerrequest, resultID_useris taken as the real user ID corresponding to podeshevleniyu sent with the medical system D210. Finally, at step S297, the PIM D220 returns the result ofID'_userthe medical system D210 hospital. The medical system D210 can, thus, temporarily to contact the user based on real user ID received from the PIM D220, when you need it.

In the above-described process tracking identifierID_useruser corresponding to podeshevleniyu can be found by searching the user IDs in the database. Even if the PIM D220 does not store primary alias that corresponds to the ID of theID_useruser, according to the options of carrying out the invention corresponding to the real user ID can thus be found according to podeshevleniyu from the medical system D210. This mechanism reduces the workload on the PIM D220, while reducing its cost. Of course, the tracking method that meets the invention is not limited to this case, and to find the user ID you can use other alternative methods.

The method of generating and authenticating p is avgonima according to a variant embodiment of the invention has been described in detail above with reference to figure 2. Each step is a logical block diagram shown in figure 2, can be implemented in software, hardware or their combination.

Figure 4 shows an example where three objects exchange messages when the method is presented in figure 2, is implemented in hardware. According to figure 4, the PIM D220 provides a set of public parameters (message M1) of the user device D230 and medical system D210 hospital and assigns primary aliasP_prime(message M3) to the user in response to the request (ID_user) register an alias (message M2) from the user device D230. The user device D230 can generate podesignedP_pseuon the basis of the assigned primary aliasP_primeand send the medical system D210 podesignedP_pseuand IDID_serverPIM D220 (message M4) as the registration request of the hospital. On the basis of podesavanjimaP_pseuand the set of public parameters obtained from the PIM D220 identified byID_server, the medical system D210 can authenticate the authentication of podesavanjimaP_pseutransmitting the request message (message M5) on the user device 30 and receiving the response message (message M6) from the user is skogo device D230. The medical system D210 can also pass on the PIM D220 requesting request (message M7), containing podesignedP_pseuto obtain from the PIM D220 real IDID'_useruser corresponding to podeshevleniyu (message M8). Messages, shown in figure 4, are merely illustrative, while the invention is subject to various modifications and is not limited in this respect.

Figure 5-7 shows the block diagram of each of the three objects shown in figure 4. Specialist in the art it is obvious that each block in the flowcharts figure 5-7, if desired, can be combined with other or can be divided into smaller units in accordance with their functions. Thus, the hardware structure shown in figure 5-7, given by way of example, but not limitation.

Figure 5 shows the block diagram of the PIM D220. According to figure 5, PIM D210 contains block 510, block 520 generating unit 530 definitions, block 540 transmission, storage device 550, block 560 search and block 570 calculations.

According to figure 5, the block 530 definitions can define a set of public parameters {g,g^∂,G₁,G₂,ê,H₂,p} and the set of public parameters used for the generation and authentication alias. The set of public parameters, you can pass through the block 540 transmission Liu the second other device, for example, user device D230 or medical system D210 hospital in any region.

On the one hand, the block 510 reception, shown in figure 5, takesID_user(message M2) from the user device D230. AcceptedID_useris stored in the data storage device 550 for a request from the hospital. At the same time acceptedID_usergoes to block 520 generation. Based on theID_userand set your personal settings ∂ and a specific block 530 definitions, block 520 generation can generate primary aliascorresponding toID_user. The primary aliasP_prime(message M3)generated by block 520 generation, can be sent to the user device D230 through the block 540 transfer.

On the other hand, the block 510 will accept podesignedP_pseu(message M7) from the medical system D210 hospital. According to figure 5, the adopted podesignedP_pseuarrives at block 570 calculations to calculate the parameter Ver =ê(g^∂,Q_A)c_Aquery. Block 570 calculation displays the calculated parameter Ver request block 560 search. On the basis of the input parameterVerquery block 560 search can search in the database of the storage device 550 on the subject ofID'_userwith what slowjam . If it can be found, block 560 search can send foundID'_userthe medical system D210 through the block 540 transmission as a user ID corresponding to podeshevleniyuP_pseu(message M8).

Figure 6 shows the block diagram of the user device D230 according to a variant embodiment of the invention. According to Fig.6, the user device D230 contains block 610 reception, storage device 620, block 630 generation, which includes block 632 choice and block 636 calculation unit 640 transmission and block 650 authentication, which includes block 652 obtain a session key block 654 and decryption block 656 encryption.

On the one hand, block 640 transmission, shown in Fig.6, sends real IDID_userthe user pre-stored in the storage device 620, as registration request (message M2) on the PIM D220. Then block 610 accept from the PIM D220 response registration, i.e. the primary alias(message M3). At the same time, block 610 also receives a set of public parameters {g,g^∂,G₁,G₂,ê,H₂,p} (message M1) from the PIM D220. Adopted a set of public parameters and the primary aliasP_primestored in the storage device 620 for use when generating pumps is danima. In block 630 generation unit 632 selection selects two random numbersk₁andk₂on the basis of the stored set of public parametersk₁,k₂Z_pand sends them to block 636 calculations. Block 636 calculations can generate podesignedP_pseu= <Q_A,Q_B,c_A>k₁andk₂, the set of public parameters and primary aliasP_primestored in the storage device. Generated podesignedP_pseu= <Q_A,Q_B,c_A> and the ID of theID_serverPIM D220 (message M4) can be transferred to the medical system D210 through the block 640 transmission, for use in the hospital.

On the other hand, after the block 640 transmission sends podesignedP_pseu= <Q_A,Q_B,c_A> in the medical system D210, the medical system D210 can authenticate the authentication of podesavanjima. For example, block 610 reception at 6 receives a messagerequest for authentication (message M5) medical system D210. The received request message arrives at block 652 obtain the session key in block 650 authentication. Block 652 obtain the session key vychislyaet the session key K*_seson the basis of the set of public parameters and primary alias stored in the storage device 620 according to the following equation:

The calculated session keyK*_sesarrives at block 654 decryption. Block 654 decryption decrypts the encrypted contentEnc(K_ses,N_ain the request message the calculated session keyK*_sesto obtain a decrypted contentN_a*. The decrypted contentN_a*arrives at block 656 encryption. Block 656 encryption selects contentN_bresponse corresponding to the decrypted contentN_a*according to a predetermined rule, and encrypts the contentN_banswer computed the session keyK*_sesto receive response messagesEnc(K*_ses,N_b). Response messageEnc(K*_ses,N_b) (message M6) can be passed through the block 640 transmission in the medical system D210 for authentication. The block authentication can be implemented by various means, not limited to the configuration shown in Fig.6.

7 shows the configuration of the medical system D210 according to a variant embodiment of the invention. According to Fig.7, the medical system D210 contains block 710 reception : size is nausea device 730, block 740 authentication and block 750 transmission. Block 740 authentication contains the block 741 selection, block 743 generation request message, block 745 decryption and block 747 definition.

According to Fig.7, the block 710 accept podesignedP_pseuand IDID_serverto identify the PIM D220, with which the user is actually logged. According to Fig.7, the block 710 accept podesignedP_pseuand IDID_serverto identify the PIM D220, which registers the user (message M4), from the user device D230. A receiving unit (not shown) receives a set of public parameters {g,g^∂,G₁,G₂,ê,H₂,p} (message M1), published by the relevant PIM D220 through the block 710 reception, on the basis ofID_server. AcceptedP_pseuand a set of public parameters stored in the storage device 730 and sent to block 740 authentication at the same time to confirm the authenticity of theP_pseuwe can authenticate in block 740 authentication. The authentication unit, shown in Fig.7, can be implemented in various ways. 7 shows only one of these methods.

In particular, block 741 selection in block 740 authentication selects a random numbert Z_poriginal session keyK_sesand the content ofN_arequest to generate a request message. The original session keyK_sesis used to encrypt contentN_arequest for obtaining the encrypted contentEnc(K_ses,N_a). Based on the selected parameter, the selected block 741 choice, podesavanjima and the set of public parameters, block 743 generation request message generates a messagerequest and sends the request message (message M5) on the user device D230 through the block 750 transmission. Then, taking the response message ofEnc(K*_ses,N_b) (message M6) from the user device D230, block 710 reception sends a response message at block 740 authentication. Block 745 decryption block 740 decrypts the authentication response messageEnc(K*_ses,N_b) the original session keyK_ses. Block 747 definition determines whether a predetermined rule between the decrypted contentN_b*response contentN_arequest, and determines that podesignedP_pseuauthenticated as a genuine subject of a pre-defined rule.

Specific embodiments of the invention described above with reference to Fig-7. In these embodiments, the implementation of the user device can safely generate at least one podesigned on the basis of primary alias from the PIM D220 at every hospital visit. Thus, according to variants of the invention, the PIM D220 not have to frequently generate aliases for the user, and the workload on PIM reduced.

In addition, according to the above-described variants of the medical system D210 hospital can authenticate podesigned generated by the user, by interacting with the user device D230 on the basis of the set of public parameters obtained from the PIM D220. Thus, podesigned generated by the user, can be used in hospitals in different regions and, thus, it is possible to implement interregional service alias.

Additionally, according to the above-described variants of the implementation of the PIM D220 can find the appropriate user ID, fingering theID_userstored in the database for the corresponding user ID on the basis of podesavanjima provided by the medical system D210. Thus, the PIM D220 do not want to keep the primary alias for each user, which further reduces database requirements for PIM D220 and, thus,reduces its value.

Specific embodiments of the invention described above with reference to the accompanying drawings. Note that the above-described embodiments of the above to illustrate and not to limit the invention. Specialist in the art can offer various improvements and modifications of the invention in relation to the device and method, without departing from the scope of the invention, the scope of which is defined by the claims. In addition, no symbol in the claims is not intended to limit the claims.

1. The method of controlling a personal identification containing phases in which
define a set of public parameters and a set of personal parameters, and a set of public parameters is a {g,g^∂,G₁,G₂,ê,H₂,p},
where
G₁andG₂two of the selected group of order q modulo p, whereqis a Prime number,
ê- bilinear mapping, andê:G₁×G₁→G₂,
g- random generator selected from the groupG₁;
H₂a one - way hash function andH₂:G₂→{0,1}^*and
H₁:{0,1}^*→G₁,
take the ID of theID_useruser from the user device
generate primary aliason the basis of a certain set of personal parameters andID_userwhereH₁a one - way hash function, ∂ is a random number selected from theZ_pandp- selected Prime number, and
transmit the primary aliasP_primeand a set of public parameters to the user device.

2. The method according to claim 1, further comprising stages, which are:
take podesignedP_pseu= <Q_A,Q_B,c_A> from third-party devices, where
,
andwhere,and,
k₁andk₂- a random number selected from theZ_pon the basis of the set of public parameters,
calculate the parameter Ver =ê(g^∂,Q_A)c_Arequest on the basis of podesavanjimaP_pseuand the set of public parameters,
looking for the ID of theID'_useruser among the stored user IDs on the basis of the parameterVerrequest, provided thatê(Q_B,H^∂(ID'_user)) =Verand
passedID'_useron a third-party device as the identifier p is Lisovets, the correspondingP_pseu.

3. The method according to claim 1, additionally containing phases in which
accept the request received from the other device, and
transmit the set of public parameters to a third-party device in response to the request is received.

4. The method according to claim 1, additionally containing phases in which
take podesignedP_pseufrom the user device, and
authenticate the authentication of podesavanjimaP_pseuby interacting with the user device.

5. The way the management of personal identification to the user device, the method contains the steps that
pass the ID of theID_useruser Manager personal identity Manager (PIM),
accept PIM a set of public parameters and the primary aliasP_primecorresponding toID_userand the set of public parameters is a {g,g^∂,G₁,G₂,ê,H₂,p},
where
pis a Prime number, and ∂ is a random number selected from theZ_p,
G₁andG₂two of the selected group of order q modulo p, whereqis a Prime number,
ê- bilinear mapping, andê:G₁×G₁→G₂,
g- random generator selected from GRU the p G₁;
H₂a one - way hash function andH₂:G₂→{0,1}^*,
and the primary alias is a,
whereH₁a one - way hash function, andH₁:G₁→{0,1}^*and
choose at least two of the random parameter, and generate podesignedP_pseuon the basis of at least two random parameters, the set of public parameters and primary aliasP_prime.

6. The method according to claim 5,
in which at the stage of generation of podesavanjimaP_pseu
choose two random numbersk₁andk₂from theZ_pon the basis of the set of public parameters,
calculate, based on the selected random numberk₁andk₂, the set of public parameters and primary aliasP_primeparameters
,
,
where,andand
generate podesignedP_pseu= <Q_A,Q_B,c_A> based on the calculated parameters.

7. The method according to claim 6, further comprising stages, which
transmit third-party device podesignedP_pseuand IDID_serverthe La identify PIM and
authenticate the authentication of podesavanjimaP_pseuby interacting with external device as the authenticator.

8. The method according to claim 6, further comprising stages, which
pass podesignedP_pseuin PIM, and
authenticate the authentication of podesavanjimaP_pseuby interacting with PIM as the authenticator.

9. The method according to claim 7 or 8, in which the step authentication
authenticate the authentication of podesavanjimaP_pseuthrough the exchange of evidence do not transmit the information to the authenticator.

10. The method according to claim 9, in which at the stage of exchange of evidence without the transfer of information from the authenticator
receive a request message from the authenticator, and the request message is generated in accordance with a set of public parameters and podesavanjimaP_pseuand is expressed as,
wheretis a random number selected by the authenticator fromZ_p,
O_B=ê(g^∂,Q_A),
K_ses- the original session key chosen by the authenticator,
N_a- the content of the request, randomly selected by the authenticator, and
Enc(K_ses,N_a) - encrypted content obtained by encrypting contentN_athe query is similar to the session key K_ses,
compute the session keyK*_sesaccordingon the basis of the request message and the primary aliasP_prime,
decrypting the encrypted contentEnc(K_ses,N_a) using the session keyK*_sesto obtain a decrypted contentN_a*,
choose contentN_bresponse corresponding to the decrypted contentN_a*according to a predetermined rule, encrypting contentN_bresponse using the session keyK*_sesto receive response messagesEnc(K*_ses,N_b), and
transmit a response messageEnc(K*_ses,N_b) on the authenticator.

11. The authentication alias for a third party device, the method contains the steps that
receive from the user device podesignedP_pseuand IDID_serverto identify a Manager's personal identity Manager (PIM),
receive from a network a set of public parameters based on the ID of theID_serverand the set of public parameters is a {g,g^∂,G₁,G₂,ê,H₂,p},
wherepis a Prime number, and ∂ is a random number selected from theZ_p,
G₁and ₂- two groups of order q modulo p, whereqis a Prime number,
ê- bilinear mapping, andê:G₁×G₁→G₂,
g- random generator inG₁,
H₂a one - way hash function, andH₂:G₂→{0,1}^*and
authenticate the authentication of podesavanjimaP_pseuby interacting with the user device based on the set of public parameters.

12. The method according to claim 11, in which the step authentication
authenticate the authentication of podesavanjimaP_pseuthrough the exchange without evidence of information transmission from the user device.

13. The method according to item 12, in which at the stage of exchange of evidence do not transmit the information
choose a random numbertfrom theZ_p,
select the source session keyK_sesand the content ofN_arequest and encrypt the content ofN_aasking for a source session keyK_sesto obtain encrypted contentEnc(K_ses,N_a),
generate messagerequest on the basis of random numberst, the set of public parameters, podesavanjimaP_pseuand the encrypted contentEnc(K_ses,N_a), whereO_B=ê(g/i> ^∂,Q_A), where
,
and
where,and,
k₁andk₂- a random number selected from theZ_pon the basis of the set of public parameters,
transmit the request message to the user device,
accept response messageEnc(K*_ses,N_b) from the user device, whereK*_ses- the session key computed by a custom device from the request message, andN_b- the content of the response, the selected user device according to a predetermined rule on the basis of the content of the request, the decrypted fromEnc(K_ses,N_a),
decrypting the response message of the original session keyK_sesand
determine whether a predetermined rule between the decrypted contentN_b*response contentN_arequest for authentication confirmation of the authenticity of podesavanjimaP_pseu.

14. The method according to claim 11, in which
pass podesignedP_pseuin PIM, and
take the ID'_useruser from PIM as IDID_useruser sootvetstvujushej is podeshevleniyu P_pseu.

15. Manager personal identity Manager (PIM)that contains
the definition block, adapted to determine a set of public parameters and a set of personal parameters, and a set of public parameters is a {g,g^∂,G₁,G₂,ê,H₂,p},
wherepis a Prime number, and ∂ is a random number selected from theZ_p,
G₁andG₂- two groups of order q modulo p, whereqis a Prime number,
ê- bilinear mapping, andê:G₁×G₁→G₂,
g- random generator inG₁and
H₂a one - way hash function, andH₂:G₂→{0,1}^*,
and the primary aliaswhereH₁a one - way hash function, andH₁:G₁→{0,1}^*,
a reception unit adapted to receive the ID of theID_useruser,
a generation unit adapted to generate a primary aliason the basis of the set personal options andID_userwhereH₁a one - way hash function, ∂ is a random number selected from theZ_pandp- selected Prime number, and
a transmission unit adapted to transmit the primary aliasP_primethe user is some device.

16. Manager personal identification § 15, in which the reception unit is additionally adapted to take podesignedP_pseu= <Q_A,Q_B,c_A> from third-party devices,
moreover, PIM additionally contains
a computing unit adapted to compute the parameter Ver =ê(g^∂,Q_A)c_Arequest on the basis of podesavanjimaP_pseuand the set of public parameters, and
the search block, adapted to search for the ID of theID'_useruser in the storage device, whereID_userbased on the query parameter, provided thatê(Q_B,H^∂(ID'_user)) =Ver,
and the transmission unit is additionally adapted to passID'_useras a user identifier corresponding to podeshevleniyuP_pseuon a third-party device, where
,
and
where,and,
k₁andk₂- a random number selected from theZ_pon the basis of the set of public parameters.

17. The user device containing
a transmission unit adapted to transmit the ID of theID_userPaul is the user Manager personal identity Manager (PIM),
a reception unit adapted to receive a set of public parameters and the primary aliasP_primecorresponding toID_userfrom PIM, and a set of public parameters is a {g,g^∂,G₁,G₂,ê,H₂,p},
wherepis a Prime number, and ∂ is a random number selected from theZ_p,
G₁andG₂- two groups of order q modulo p, whereqis a Prime number,
ê- bilinear mapping, andê:G₁×G₁→G₂,
g- random generator inG₁and
H₂a one - way hash function, andH₂:G₂→{0,1}^*,
and the primary alias,
whereH₁a one - way hash function, andH₁:G₁→{0,1}^*and
a generation unit adapted to select at least two random parameter and generate podesignedP_pseuon the basis of at least two random settings, open settings and primary aliasP_prime.

18. Custom device 17, in which the generating block contains
block selection, adapted to select two random numbersk₁andk₂from theZ_pand
a computing unit adapted to compute pumpside what they P_pseu= <Q_A,Q_B,c_A> based on the selected random numberk₁andk₂, the set of public parameters and primary aliasP_primewhere
,
and
where,and.

19. User device b, in which
the transmission unit is additionally adapted to transmit podesignedP_pseuand IDID_serverto identify the PIM to a third-party device,
moreover, the user device further comprises an authentication unit adapted to authenticate podesignedP_pseuby interacting with the third party device via the transmission unit and the reception unit.

20. The user device according to claim 19, in which the authentication unit adapted to authenticate the authentication of podesavanjimaP_pseuthrough the exchange of evidence do not transmit the information with a third party.

21. The user device according to claim 20, in which the authentication unit adapted to receive the request message from the external device via the reception unit, and the request message is generated in accordance with a set of public parameters by podesavanjima P_pseuand is expressed as,
wheretis a random number in theZ_pi.e. thetZ_p,
O_B=ê(g^∂,Q_A),
K_ses- the initial session key, the selected external device,
N_a- the content of the request, randomly selected by a third-party device, and
Enc(K_ses,N_a) - encrypted content obtained by encrypting contentN_aasking for a source session keyK_ses,
moreover, the authentication unit contains
the unit receiving the session key, adapted to calculate a session keyK*_sesaccording to the equationon the basis of the received request message,
block decryption adapted to decrypt the encrypted contentEnc(K_ses,N_a) using the session keyK*_sesto obtain a decrypted contentN_a*and
the block cipher is adapted to select contentN_bresponse corresponding to the decrypted contentN_a*according to a predetermined rule, and to encrypt the selected contentN_bresponse using the session keyK*_sesto receive response messagesEnc(K*_ses,N_b),
and block the transmission is additionally adapted to transmit a response message Enc(K*_ses,N_b) to a third-party device.

22. Third-party device with which the user requests a service, with a third-party device contains
a reception unit adapted to receive from the user device podesignedP_pseuand IDID_serverto identify a Manager's personal identity Manager (PIM),
a transmission unit adapted to transmit information to the user device,
a receiving unit adapted to receive a set of public parameters from the PIM based on the ID of theID_serverand the set of public parameters is a {g,g^∂,G₁,G₂,ê,H₂,p},
wherepis a Prime number, and ∂ is a random number selected from theZ_p,
G₁andG₂- two groups of order q modulo p, whereqis a Prime number,
ê- bilinear mapping, andê:G₁×G₁→G₂,
g- random generator inG₁and
H₂a one - way hash function, andH₂:G₂→{0,1}^*and
the authentication unit adapted to authenticate the authentication of podesavanjimaP_pseuby interacting with the user device via the transmission unit is a unit of reception on the basis of the set of public parameters.

23. Third-party device according to item 22, in which the authentication unit adapted to authenticate the authentication of podesavanjimaP_pseuthrough the exchange without evidence of information transmission from the user device.

24. Third-party device according to item 23, in which the authentication unit contains
block selection, adapted to select a random numbertfrom theZ_pto select the source session keyK_sesand the content ofN_arequest and encrypt the content ofN_aasking for a source session keyK_sesto obtain encrypted contentEnc(K_ses,N_a),
the block generation request message, adapted to generate a messagerequest on the basis of random numberst, the set of public parameters, podesavanjimaP_pseuand the encrypted contentEnc(K_ses,N_a), whereO_B=ê(g^∂,Q_A), and transmit the request message to the user device via the transmission unit,
block decryption adapted to decrypt the response message ofEnc(K*_ses,N_b), received from the user device via the reception unit, the original session keyK_seswhereK*_ses- the session key calculated by iowatelecom device from the request message, andN_b- the content of the response, the selected user device according to a predetermined rule on the basis of the content of the request, the decrypted fromEnc(K_ses,N_a), and
the definition block, adapted to determine whether a predetermined rule between the decrypted contentN_b*response contentN_arequest, and to authenticate podesignedP_pseuas a genuine subject of a pre-defined rule.

25. Third-party device according to paragraph 24, in which
the transmission unit is additionally adapted to transmit podesignedP_pseuin PIM, and
the reception unit is additionally adapted to receive the user ID corresponding to podeshevleniyuP_pseufrom PIM.

26. Third-party device according to item 22, in which the external device is a medical system in the hospital.