[go: up one dir, main page]

WO2020067616A1 - Encryption key generation module for protecting data securely - Google Patents

Encryption key generation module for protecting data securely Download PDF

Info

Publication number
WO2020067616A1
WO2020067616A1 PCT/KR2019/002610 KR2019002610W WO2020067616A1 WO 2020067616 A1 WO2020067616 A1 WO 2020067616A1 KR 2019002610 W KR2019002610 W KR 2019002610W WO 2020067616 A1 WO2020067616 A1 WO 2020067616A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
data
random number
position value
generation module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2019/002610
Other languages
French (fr)
Korean (ko)
Inventor
이상우
박진기
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Image & Information Co Ltd
Original Assignee
Image & Information Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Image & Information Co Ltd filed Critical Image & Information Co Ltd
Publication of WO2020067616A1 publication Critical patent/WO2020067616A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the present invention relates to a cryptographic key generation module that securely protects data, and more specifically, after extracting a table corresponding to a numerical value obtained by modulating the sum of all data of a plurality of tables by the number of tables, the sum of the data of the extracted tables
  • An encryption key generation module that secures the data that is encrypted by signing and storing the key generated by repeatedly setting the value modulated by the table size to the location value and key, and repeating the location value and key for the key length in the same way. It is about.
  • Korean Patent Registration No. 10-1865703, “Key Generation Method and Device, Encryption Device and Method,” includes a key including an ID generated according to a preset ID constraint from a key requesting terminal.
  • a receiving unit receiving a request for generation; The secret parameter value corresponding to the position in the received ID of each symbol included in the received ID from the secret parameter table including the secret parameter value for each location in the ID for all symbols available according to the ID constraint condition
  • a secret key generation unit that extracts them and generates a secret key corresponding to the received ID using the extracted secret parameter values;
  • a key information providing unit that provides the secret key to the key requesting terminal.
  • the prior art has a problem in that it takes a long time to generate a secret parameter table and a public parameter table from a secret parameter using an ID as a key generation method for encryption, and generates a secret key through this. As it is generated, the installed key may be leaked when the ID is leaked, so there is a problem in that data accumulated in all devices cannot be safely protected.
  • the present invention has been devised to solve the above problems, and the present invention has an object to generate a key so that it is not able to recognize what data the data is even if the data is arbitrarily taken from the outside.
  • An encryption key generation module that securely protects data according to an embodiment of the present invention for achieving the above technical problem is an area occupied by encrypted data and a signature value in a given memory allocation area for data protection
  • a table generator for sequentially dividing other areas and sequentially generating a plurality of tables;
  • the value modulated by the total number of data values of each of the sequentially generated multiple tables with the number of the generated multiple tables corresponds to the sequentially generated multiple table sequence numbers and extracts the tables corresponding to the sequence numbers
  • a table extraction unit A value modulated by summing the sum of the data values of the extracted table into a table size is the first data position value of the table random number, and sets a random number corresponding to the first data position value as a first key and the first data position value.
  • a key setting that repeatedly sets the key by a key length by setting the random number corresponding to the table size as the second data position value of the table random number and setting the random number corresponding to the second data position value as the second key Wealth; And a storage unit that combines the key generated by the key length with data, encrypts it, signs it, and stores it.
  • the data is securely stored by encrypting the data and has a safe effect from external exposure
  • the key for encrypting the data has the effect that the data is securely protected by random numbers generated differently for each device, and the key is found by mod. Therefore, the process of finding the key has a very fast effect.
  • 1 is a block diagram of an encryption key generation module for securely protecting data according to an embodiment of the present invention
  • FIG. 2 is an exemplary diagram of creating multiple tables according to an embodiment of the present invention.
  • the encryption key generation module that securely protects the data includes a table generation unit 100, a table extraction unit 200, and a key. It consists of a setting unit 300 and a storage unit 400.
  • the table generating unit 100 sequentially generates a plurality of tables by dividing an area other than the area occupied by the encrypted data and the signature value in the memory allocation area given for data protection. .
  • the table generation unit 100 remains in the region C except for the region B occupied by the encrypted data and the signature value in the memory region A, and any region such as D for the region C Create multiple tables sequentially from Table 1, Table 2, Table 3 to Table n by assigning.
  • the table extractor 200 modulates the sum of each data value of each of the sequentially generated multiple tables with the number of the generated multiple tables, corresponding to the sequentially generated multiple table numbers, and the The table corresponding to the sequence number is extracted.
  • the table extraction unit 200 is the number of data and data size shown in FIG. 3 is only a small unit to help the understanding of the present invention, which will be described in detail with reference to FIG. 3, the table generation unit Tables 1, 2, 3, and 4 are sequentially generated in (100), and each of Tables 1, 2, 3, and 4 has 3 data, and each of Table 1 has 1, 2, With 3 data values, Table 2 has 4, 5, and 6 data values, Table 3 has 7, 8, and 9 data values, and Table 4 has 10, 11, and 12 data values. If it is, the sum of the data values, that is, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, which is 78, modulates the number of tables, that is, 4, it becomes 2, and through 2 The third table 3 is extracted.
  • the number produced by X mod 4 is 0, 1, 2, 3, so when selecting a table, the table number is counted from 0. If the number from X mod 4 is 2, it is the third table.
  • the key setting unit 300 sets a total number of data values of the extracted table to a table size, and a value corresponding to the first data position value is a first key while the first data position value of the table random number is modulated.
  • the length of the key is such that the random number corresponding to the first data position value is modulated by the table size, and the second data position value of the table random number is set and the random number corresponding to the second data position value is set as the second key. Repeat as many times to set the key.
  • the key setting unit 300 is for setting a key necessary for encrypting data, as described with reference to the table random number shown in FIG. 4, and the sum of the data values of the extracted table is set to the table size. If the modulated value is 5, the random number BO shown in FIG. 4 is given as the data position value 0, the random number C8 is the data position value 1, and the random number 84 is the data position value 2 according to 5 corresponding to the first data position value. A shown in, that is, corresponds to the random number FD and sets the random number FD as the first key.
  • the random number FD value corresponding to the first data position value is F 15 ⁇ 16 1 and D is 13 ⁇ 16 0, modulating the sum 253 to a table size of 256 results in B shown in FIG. 4, that is, random number C3.
  • the corresponding random number C3 is the second data position value and is set by the second key.
  • the random number C3 corresponding to the second data position value is C 12 ⁇ 16 1 and 3 ⁇ 16 0
  • modulating the sum 195 to the table size 256 corresponds to C shown in FIG. 4, that is, the random number 60
  • the random number 60 is set as the third key while being the third data position value.
  • the key setting unit 300 repeatedly sets a key by a key length in the same way as illustrated above, and it is preferable to set the key according to the algorithm because the key length is different for each algorithm. .
  • the key setting unit 300 regenerates a random number to generate the same key when the keys are continuously generated.
  • the key setting unit 300 will be described with reference to the table random number shown in FIG. 5. If the value modulating the sum of the data values of the table by the table size is 54, the first position value of 54 is FIG. 5. A shown in, that is, the random number 4A and the random number 4A is the first data position value and is set as the first key.
  • the random number 4A corresponding to the first data position value is 4 being 4 ⁇ 16 1 and A is 10 ⁇ 16 0, modulating the sum 74 to the table size 256, B shown in FIG. 5, that is, random number 12 and random number Set 12 as the second data position value and the second key.
  • the random number 12 corresponding to the second data position value is 1 1 ⁇ 16 1 and 2 is 2 ⁇ 16 0 , if the sum 18 is modulated to the table size 256, C shown in FIG. 5 is random number F0.
  • the random number F0 is set to the third key while being the third data position value.
  • the random number F0 corresponding to the third data position value is F 15 ⁇ 16 1 and 0 is 0 ⁇ 16 0
  • the sum 240 is modulated to the table size 256, C shown in FIG. 5, that is, the random number F0 and the random number F0 should be set as the fourth data position value and the fourth key, but F0, which is the fourth data position value and the fourth key, is the same as F0 set as the third data position value and the third key.
  • the key setting unit 300 regenerates with a different random number instead of the repeated F0 because it is a problem in key generation during encryption as only the random number FO generates the same value F0.
  • the same symmetric key encryption algorithm is used for decryption and the same key is used.
  • the encryption algorithm is to generate a key by using a symmetric key algorithm and repeating the length of the key according to the key length used in the symmetric key encryption algorithm.
  • the key setting unit 300 preferably uses a self-generated random number generated for each device.
  • the encryption key generation module that securely protects the data of the present invention stably protects data because it is not exposed outside the key as the key setting unit 300 uses a self-generated random number for each device.
  • the storage unit 400 encrypts the key generated by the key length with the data, encrypts it, signs it, and stores it.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to an encryption key generation module for protecting data securely, which: extracts a table corresponding to a numerical value which is the sum of all data of a plurality of tables mod the number of the tables and then sets, as a position value and a key, a numerical value which is the sum of data of the extracted table mod the size of the table; and combines, with data, keys generated by repeating the position value and the key by the same method as long as the length of the key so as to encrypt, sign, and then store the keys. Accordingly, the present invention has the effects of: data being safely stored and being safe from being exposed to the outside as the data is encrypted; data being protected securely due to random numbers configured such that keys for encrypting the data are generated differently for each device; and a key retrieval process being very fast as the key is retrieved through the modulo operation.

Description

데이터를 안전하게 보호하는 암호화 키 생성 모듈Encryption key generation module to secure data

본 발명은 데이터를 안전하게 보호하는 암호화 키 생성 모듈에 관한 것으로서, 더욱 상세하게는 다수의 테이블이 갖는 모든 데이터의 합을 테이블 수로 mod하여 나온 수치에 해당하는 테이블을 추출한 후 추출된 테이블의 데이터 총합을 테이블 크기로 mod한 수치를 위치값과 키로 설정하고 같은 방법으로 위치값과 키를 키 길이 만큼 반복하여 생성된 키를 데이터와 결합하여 암호화하고 서명한 후 저장하는 데이터를 안전하게 보호하는 암호화 키 생성 모듈에 관한 것이다.The present invention relates to a cryptographic key generation module that securely protects data, and more specifically, after extracting a table corresponding to a numerical value obtained by modulating the sum of all data of a plurality of tables by the number of tables, the sum of the data of the extracted tables An encryption key generation module that secures the data that is encrypted by signing and storing the key generated by repeatedly setting the value modulated by the table size to the location value and key, and repeating the location value and key for the key length in the same way. It is about.

종래에 데이터를 암호화하기 위한 키 생성 과정은 있으나 단순 데이터로 키 노출이 발생하여 노출된 키 노출로 인하여 데이터가 유출되는 문제점이 있었다.There is a key generation process for encrypting data in the related art, but there is a problem in that data is leaked due to exposure of the exposed key due to exposure of the key as simple data.

또한, 종래 기술 중 키를 내부의 정형화 된 곳에서 나오는 데이터를 활용하여 기기마다 동일한 테이블에서 키를 순차적으로 획득하여 사용함에 따라 키 노출이 쉬운 문제점이 있었다.In addition, in the related art, there is a problem in that the key is easily exposed as the key is sequentially obtained and used in the same table for each device by utilizing data coming from the standardized place inside.

키 생성과 관련되 종래의 기술로서, 대한민국등록특허공보 제10-1865703호인 “키 생성 방법 및 장치, 암호화 장치 및 방법”은 키 요청 단말로부터 기 설정된 아이디 제약 조건에 따라 생성된 아이디를 포함하는 키 생성 요청읓 수신하는 수신부; 상기 아이디 제약 조건에 따라 이용 가능한 모든 심볼들 각각에 대한 아이디 내 위치별 비밀 파라미터 값을 포함하는 비밀 파라미터 테이블로부터 상기 수신된 아이디에 포함된 각 심볼들의 상기 수신된 아이디 내 위치에 대응하는 비밀 파라미터 값들을 추출하고, 추출된 비밀 파라미터 값들을 이용하여 상기 수신된 아이디에 대응하는 비밀키를 생성하는 비밀키 생성부; 및 상기 비밀키를 상기 키 요청 단말로 제공하는 키 정보 제공부를 포함한다.As a conventional technique related to key generation, Korean Patent Registration No. 10-1865703, “Key Generation Method and Device, Encryption Device and Method,” includes a key including an ID generated according to a preset ID constraint from a key requesting terminal. A receiving unit receiving a request for generation; The secret parameter value corresponding to the position in the received ID of each symbol included in the received ID from the secret parameter table including the secret parameter value for each location in the ID for all symbols available according to the ID constraint condition A secret key generation unit that extracts them and generates a secret key corresponding to the received ID using the extracted secret parameter values; And a key information providing unit that provides the secret key to the key requesting terminal.

상기 종래의 기술은 암호화를 위한 키 생성 방법으로 아이디를 이용하여 비밀 파라미터로부터 비밀 파라미터 테이블, 공개 파라미터 테이블을 생성하고 이를 통해 비밀키를 생성하는데 시간이 오래 소요되는 문제점이 있고 아이디로 장치마다 키를 생성함에 따라 아이디 유출시 설치된 키가 유출될 수 있어서 모든 장치에 축적된 데이터가 안전하게 보호되기 어려운 문제점이 있었다.The prior art has a problem in that it takes a long time to generate a secret parameter table and a public parameter table from a secret parameter using an ID as a key generation method for encryption, and generates a secret key through this. As it is generated, the installed key may be leaked when the ID is leaked, so there is a problem in that data accumulated in all devices cannot be safely protected.

따라서, 본 발명은 상기 문제점을 해결하기 위하여 안출된 것으로서, 본 발명은 데이터를 외부에서 임의로 취하여도 해당 데이터가 무슨 데이터인지 인지할 수 없도록 키를 생성하는데 그 목적이 있다.Therefore, the present invention has been devised to solve the above problems, and the present invention has an object to generate a key so that it is not able to recognize what data the data is even if the data is arbitrarily taken from the outside.

상기한 기술적 과제를 달성하기 위한 본 발명의 일실시예에 따른 데이터를 안전하게 보호하는 암호화 키 생성 모듈은 데이터보호(Data Protection)를 위해 주어진 메모리 할당 영역 내에서 암호화된 데이터와 서명값에 의해서 차지하는 영역 이외의 영역을 분할하여 다수의 테이블을 순차적으로 생성하는 테이블 생성부와; 상기 순차적으로 생성된 다수의 테이블 각각이 갖는 각 데이터값의 총합을 상기 생성된 다수의 테이블 개수로 mod한 값이 상기 순차적으로 생성된 다수의 테이블 순번에 해당되고 상기 순번에 해당되는 테이블을 추출하는 테이블 추출부와; 상기 추출된 테이블이 갖는 데이터값의 총합을 테이블 크기로 mod한 값이 테이블 난수의 제 1 데이터위치값이이면서 상기 제 1 데이터위치값에 해당하는 난수를 제 1 키로 설정하고 상기 제 1 데이터위치값에 해당하는 난수를 테이블 크기로 mod한 값이 테이블 난수의 제 2 데이터위치값이면서 상기 제 2 데이터위치값에 해당하는 난수를 제 2 키로 설정하는 방식으로 키 길이 만큼 반복하여 키를 설정하는 키 설정부와; 및 상기 키 길이 만큼 생성된 키를 데이터와 결합하여 암호화하고 서명한 후 저장하는 저장부로 이루어진 것을 해결 수단으로 한다. An encryption key generation module that securely protects data according to an embodiment of the present invention for achieving the above technical problem is an area occupied by encrypted data and a signature value in a given memory allocation area for data protection A table generator for sequentially dividing other areas and sequentially generating a plurality of tables; The value modulated by the total number of data values of each of the sequentially generated multiple tables with the number of the generated multiple tables corresponds to the sequentially generated multiple table sequence numbers and extracts the tables corresponding to the sequence numbers A table extraction unit; A value modulated by summing the sum of the data values of the extracted table into a table size is the first data position value of the table random number, and sets a random number corresponding to the first data position value as a first key and the first data position value. A key setting that repeatedly sets the key by a key length by setting the random number corresponding to the table size as the second data position value of the table random number and setting the random number corresponding to the second data position value as the second key Wealth; And a storage unit that combines the key generated by the key length with data, encrypts it, signs it, and stores it.

이상 설명한 바와 같이, 본 발명은 데이터를 암호화하여 안전하게 저장하고 외부 노출로부터 안전한 효과가 있고 데이터를 암호화하는 키가 장치마다 다르게 생성된 난수로 인하여 데이터가 안전하게 보호되는 효과가 있으며 mod로 키를 찾음에 따라 키 찾는 과정이 매우 빠른 효과가 있다.As described above, according to the present invention, the data is securely stored by encrypting the data and has a safe effect from external exposure, and the key for encrypting the data has the effect that the data is securely protected by random numbers generated differently for each device, and the key is found by mod. Therefore, the process of finding the key has a very fast effect.

도 1은 본 발명의 일실시예에 따른 데이터를 안전하게 보호하는 암호화 키 생성 모듈 구성도1 is a block diagram of an encryption key generation module for securely protecting data according to an embodiment of the present invention

도 2는 본 발명의 일실시예에 따른 다수의 테이블 생성 예시도2 is an exemplary diagram of creating multiple tables according to an embodiment of the present invention.

도 3은 본 발명의 일실시예에 따른 테이블 추출 예시도3 is an exemplary table extraction according to an embodiment of the present invention

도 4는 본 발명이 일실실예에 따른 키 생성 예시도4 is an exemplary diagram of key generation according to an embodiment of the present invention

도 5는 본 발명의 일실시예에 따른 반복되는 동일 키 생성 예시도5 is an exemplary view of generating the same key repeatedly according to an embodiment of the present invention

부호의 설명Explanation of code

100 : 테이블 생성부 200 : 테이블 추출부100: Table generation unit 200: Table extraction unit

300 : 키 생성부 400 : 저장부300: key generating unit 400: storage unit

이하, 본 발명의 최적 실시예에 대하여 첨부된 도면을 참조하여 그 구성 및 작용을 설명하고 본 발명의 실시예는 여러 가지 형태로 변형될 수 있고 도면에서 구성요소의 표현 등은 보다 명확한 설명을 강조하기 위해서 과장되어 표현될 수 있고 본 발명의 요지를 불필요하게 흐릴 수 있다고 판단되는 공지 기능 및 구성에 대한 상세한 기술은 생략된다.Hereinafter, with reference to the accompanying drawings for the best embodiment of the present invention, its configuration and operation will be described, and embodiments of the present invention can be modified in various forms, and the expression of components in the drawings emphasizes a clearer description. In order to do so, detailed descriptions of well-known functions and configurations that may be exaggerated and determined to unnecessarily obscure the subject matter of the present invention are omitted.

도 1은 본 발명의 일실시예에 따른 데이터를 안전하게 보호하는 암호화 키 생성 모듈 구성도로서, 상기 데이터를 안전하게 보호하는 암호화 키 생성 모듈은 테이블 생성부(100), 테이블 추출부(200), 키 설정부(300) 및 저장부(400)로 이루어진다.1 is a block diagram of an encryption key generation module that securely protects data according to an embodiment of the present invention. The encryption key generation module that securely protects the data includes a table generation unit 100, a table extraction unit 200, and a key. It consists of a setting unit 300 and a storage unit 400.

더욱 상세하게, 상기 테이블 생성부(100)는 데이터보호(Data Protection)를 위해 주어진 메모리 할당 영역내에서 암호화된 데이터와 서명값에 의하여 차지하는 영역 이외의 영역을 분할하여 다수의 테이블을 순차적으로 생성한다.In more detail, the table generating unit 100 sequentially generates a plurality of tables by dividing an area other than the area occupied by the encrypted data and the signature value in the memory allocation area given for data protection. .

예컨대, 상기 테이블 생성부(100)는 도 2에 도시된 바와 같이, 메모리 영역 A에서 암호화 데이터와 서명값에 의해서 차지하는 영역 B를 제외하면 영역 C가 남고 상기 영역 C에 대해서 D와 같은 임의의 영역을 할당하여 테이블1, 테이블2, 테이블3부터 테이블n까지 다수의 테이블을 순차적으로 생성한다.For example, as shown in FIG. 2, the table generation unit 100 remains in the region C except for the region B occupied by the encrypted data and the signature value in the memory region A, and any region such as D for the region C Create multiple tables sequentially from Table 1, Table 2, Table 3 to Table n by assigning.

상기 테이블 추출부(200)는 상기 순차적으로 생성된 다수의 테이블 각각이 갖는 각 데이터값의 총합을 상기 생성된 다수의 테이블 개수로 mod한 값이 상기 순차적으로 생성된 다수의 테이블 순번에 해당되고 상기 순번에 해당되는 테이블을 추출한다.The table extractor 200 modulates the sum of each data value of each of the sequentially generated multiple tables with the number of the generated multiple tables, corresponding to the sequentially generated multiple table numbers, and the The table corresponding to the sequence number is extracted.

예컨대, 상기 테이블 추출부(200)는 도 3에 도시된 데이터 수와 데이터 크기는 본 발명의 이해를 돕기 위하여 단위를 적게 한 것에 불과한 것이며 이에 도 3을 참조하여 구체적으로 설명하는 바, 테이블 생성부(100)에서 순차적으로 생성된 테이블이 테이블1, 테이블2, 테이블3, 테이블4이고 각 테이블1, 2, 3, 4는 각각 3개의 데이터를 갖으며 상기 테이블1은 각 데이터가 1, 2, 3 데이터값을 갖고 테이블2는 각 데이터가 4, 5, 6 데이터값을 갖으며 테이블3은 각 데이터가 7, 8, 9 데이터값을 갖고 테이블4는 각 데이터가 10, 11, 12 데이터값을 갖으면 데이터값의 총합 즉, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12를 합한 값인 78을 데이블 개수 즉, 4로 mod하면 2가 되고 2를 통해서 세 번째 테이블3을 추출한다.For example, the table extraction unit 200 is the number of data and data size shown in FIG. 3 is only a small unit to help the understanding of the present invention, which will be described in detail with reference to FIG. 3, the table generation unit Tables 1, 2, 3, and 4 are sequentially generated in (100), and each of Tables 1, 2, 3, and 4 has 3 data, and each of Table 1 has 1, 2, With 3 data values, Table 2 has 4, 5, and 6 data values, Table 3 has 7, 8, and 9 data values, and Table 4 has 10, 11, and 12 data values. If it is, the sum of the data values, that is, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, which is 78, modulates the number of tables, that is, 4, it becomes 2, and through 2 The third table 3 is extracted.

다시 말해서, X mod 4에 의해 나오는 숫자는 0, 1, 2, 3이므로 테이블을 선택시에 테이블 번호를 0부터 카운트해서 X mod 4를 통해 나온 숫자가 2라면 세 번째 테이블이 된든 것이다.In other words, the number produced by X mod 4 is 0, 1, 2, 3, so when selecting a table, the table number is counted from 0. If the number from X mod 4 is 2, it is the third table.

상기 키 설정부(300)는 상기 추출된 테이블이 갖는 데이터값의 총합을 테이블 크기로 mod한 값이 테이블 난수의 제 1 데이터위치값이면서 상기 제 1 데이터위치값에 해당하는 난수를 제 1 키로 설정하고 상기 제 1 데이터위치값에 해당하는 난수를 테이블 크기로 mod한 값이 상기 테이블 난수의 제 2 데이터위치값이면서 상기 제 2 데이터위치값에 해당하는 난수를 제 2 키로 설정하는 방식으로 키의 길이 만큼 반복하여 키를 설정한다.The key setting unit 300 sets a total number of data values of the extracted table to a table size, and a value corresponding to the first data position value is a first key while the first data position value of the table random number is modulated. The length of the key is such that the random number corresponding to the first data position value is modulated by the table size, and the second data position value of the table random number is set and the random number corresponding to the second data position value is set as the second key. Repeat as many times to set the key.

예컨대, 상기 키 설정부(300)는 데이터를 암호화하기 위하여 필요한 키를 설정하기 위한 것으로서, 도 4에 도시된 테이블 난수를 참조하여 설명하는 바, 추출된 테이블이 갖는 데이터값의 총합을 테이블크기로 mod한 값이 5이면 상기 5는 제 1 데이터위치값에 해당함에 따라 도 4에 도시된 난수 BO가 데이터위치값 0 난수 C8이 데이터위치값 1, 난수 84가 데이터위치값 2로 주어짐으로 도 4에 도시된 A 즉, 난수 FD에 해당하고 난수 FD를 제 1 키로 설정한다.For example, the key setting unit 300 is for setting a key necessary for encrypting data, as described with reference to the table random number shown in FIG. 4, and the sum of the data values of the extracted table is set to the table size. If the modulated value is 5, the random number BO shown in FIG. 4 is given as the data position value 0, the random number C8 is the data position value 1, and the random number 84 is the data position value 2 according to 5 corresponding to the first data position value. A shown in, that is, corresponds to the random number FD and sets the random number FD as the first key.

다시, 상기 제 1 데이터위치값에 해당하는 난수 FD값은 F가 15×161이고 D가 13×160이므로 그 합 253을 테이블 크기 256으로 mod하면 도 4에 도시된 B 즉, 난수 C3에 해당되고 난수 C3은 제 2 데이터위치값이면서 제 2 키로 설정한다.Again, since the random number FD value corresponding to the first data position value is F 15 × 16 1 and D is 13 × 16 0, modulating the sum 253 to a table size of 256 results in B shown in FIG. 4, that is, random number C3. The corresponding random number C3 is the second data position value and is set by the second key.

또 다시, 상기 제 2 데이터위치값에 해당하는 난수 C3은 C가 12×161이고 3×160이므로 그 합 195를 테이블 크기 256으로 mod하면 도 4에 도시된 C 즉, 난수 60에 해당되고 난수 60은 제 3 데이터위치값이면서 제 3 키로 설정한다.Again, since the random number C3 corresponding to the second data position value is C 12 × 16 1 and 3 × 16 0, modulating the sum 195 to the table size 256 corresponds to C shown in FIG. 4, that is, the random number 60 The random number 60 is set as the third key while being the third data position value.

이상 설명한, 상기 키 설정부(300)는 상기 예시한 바와 같은 방법으로 키를 키 길이 만큼 반복하여 키를 설정하는 것이고 키 길이는 알고리즘 마다 키 길이가 다르기 때문에 알고리즘에 맞게 키를 설정하는 것이 바람직하다.As described above, the key setting unit 300 repeatedly sets a key by a key length in the same way as illustrated above, and it is preferable to set the key according to the algorithm because the key length is different for each algorithm. .

한편, 상기 키 설정부(300)는 상기 키 길이 만큼 키를 생성하는 과정에서 키가 연속적으로 동일 키를 생성하면 상기 동일 키를 생성하도록 하는 난수를 재생성한다.On the other hand, in the process of generating a key for the length of the key, the key setting unit 300 regenerates a random number to generate the same key when the keys are continuously generated.

예컨대, 상기 키 설정부(300)는 도 5에 도시된 테이블 난수를 참조하여 설명하는 바, 테이블이 갖는 데이터값의 총합을 테이블 크기로 mod한 값이 54이면 54인 제 1 위치값은 도 5에 도시된 A 즉, 난수 4A이고 난수 4A를 제 1 데이터위치값이면서 제 1 키로 설정한다.For example, the key setting unit 300 will be described with reference to the table random number shown in FIG. 5. If the value modulating the sum of the data values of the table by the table size is 54, the first position value of 54 is FIG. 5. A shown in, that is, the random number 4A and the random number 4A is the first data position value and is set as the first key.

다시, 상기 제 1 데이터위치값에 해당하는 난수 4A는 4가 4×161이고 A가 10×160이므로 그 합 74를 테이블 크기 256으로 mod하면 도 5에 도시된 B 즉, 난수 12이고 난수 12를 제 2 데이터위치값이면서 제 2 키로 설정한다.Again, since the random number 4A corresponding to the first data position value is 4 being 4 × 16 1 and A is 10 × 16 0, modulating the sum 74 to the table size 256, B shown in FIG. 5, that is, random number 12 and random number Set 12 as the second data position value and the second key.

또 다시, 상기 제 2 데이터위치값에 해당하는 난수 12는 1이 1×161이고 2가 2×160이므로 그 합 18을 테이블 크기 256으로 mod하면 도 5에 도시된 C 즉, 난수 F0이고 난수 F0을 제 3 데이터위치값이면서 제 3 키로 설정한다.Again, since the random number 12 corresponding to the second data position value is 1 1 × 16 1 and 2 is 2 × 16 0 , if the sum 18 is modulated to the table size 256, C shown in FIG. 5 is random number F0. The random number F0 is set to the third key while being the third data position value.

이후, 상기 제 3 데이터위치값에 해당하는 난수 F0은 F가 15×161이고 0이 0×160이므로 그 합 240을 테이블 크기 256으로 mod하면 도 5에 도시된 C 즉, 난수 F0이고 난수 F0은 제 4 데이터위치값과 제 4 키로 설정되어야 하지만, 제 4 데이터위치값이면서 제 4키인 F0은 제 3 데이터위치값이면서 제 3 키로 설정한 F0와 같다.Thereafter, since the random number F0 corresponding to the third data position value is F 15 × 16 1 and 0 is 0 × 16 0 , if the sum 240 is modulated to the table size 256, C shown in FIG. 5, that is, the random number F0 and the random number F0 should be set as the fourth data position value and the fourth key, but F0, which is the fourth data position value and the fourth key, is the same as F0 set as the third data position value and the third key.

이를 반복하여도, 상기 키 설정부(300)는 상기 난수 FO이 같은 값인 F0만을 생성함에 따라 암호화시 키 생성에 문제가 됨으로 상기 반복되는 F0 대신 다른 난수로 재생성하는 것이다.Even if this is repeated, the key setting unit 300 regenerates with a different random number instead of the repeated F0 because it is a problem in key generation during encryption as only the random number FO generates the same value F0.

상기 키의 길이 만큼 반복하여 설정된 키는 암호화시 사용됨에 따라 복호화시 동일한 대칭키 암호화 알고리즘을 사용하고 동일한 키를 사용한다.As the key set repeatedly by the length of the key is used for encryption, the same symmetric key encryption algorithm is used for decryption and the same key is used.

즉, 암호화 알고리즘은 대칭키 알고리즘을 사용하고 대칭키 암호화 알고리즘에서 사용하는 키 길이에 따라 상기 키의 길이 만큼 반복하여 키를 생성하는 것이다.That is, the encryption algorithm is to generate a key by using a symmetric key algorithm and repeating the length of the key according to the key length used in the symmetric key encryption algorithm.

한편, 상기 키 설정부(300)는 장치마다 생성된 자체 생성 난수를 이용하는 것이 바람직하다.Meanwhile, the key setting unit 300 preferably uses a self-generated random number generated for each device.

즉, 본 발명 데이터를 안전하게 보호하는 암호화 키 생성 모듈이 상기 키 설정부(300)가 장치마다 자체 생성 난수를 이용함에 따라 키외 외부로 노출되지 않아 데이터를 안정하게 보호한다.In other words, the encryption key generation module that securely protects the data of the present invention stably protects data because it is not exposed outside the key as the key setting unit 300 uses a self-generated random number for each device.

상기 저장부(400)는 키 길이 만큼 생성된 키를 데이터와 결합하여 암호화하고 서명한 후 저장한다.The storage unit 400 encrypts the key generated by the key length with the data, encrypts it, signs it, and stores it.

이상 설명한, 본 발명은 도면과 상세한 설명에서 최적 실시예들이 개시되고, 이상에서 사용된 특정한 용어는 단지 본 발명을 설명하기 위한 목적에서 사용된 것일 뿐, 의미 한정이나 특허청구범위에 기재된 본 발명의 범위를 제한하기 위하여 사용된 것이 아니다.As described above, the present invention discloses optimal embodiments in the drawings and detailed description, and specific terms used in the above are merely used for the purpose of describing the present invention, and the meaning of the present invention described in the claims or claims It is not used to limit the scope.

그러므로 본 기술분야의 통상의 지식을 가진 자라면 이로부터 다양한 변형 및 균등한 타 실시예가 가능하고, 본 발명의 진정한 기술적 보호 범위는 특허청구범위의 기술적 사상에 의해 정해져야 할 것이다.Therefore, a person having ordinary knowledge in the technical field can perform various modifications and other equivalent embodiments therefrom, and the true technical protection scope of the present invention should be determined by the technical spirit of the claims.

Claims (4)

데이터보호(Data Protection)를 위해 주어진 메모리 할당 영역 내에서 암호화된 데이터와 서명값에 의해서 차지하는 영역 이외의 영역을 분할하여 다수의 테이블을 순차적으로 생성하는 테이블 생성부와;A table generation unit for sequentially generating a plurality of tables by dividing an area other than the area occupied by the encrypted data and the signature value in a given memory allocation area for data protection; 상기 순차적으로 생성된 다수의 테이블 각각이 갖는 각 데이터값의 총합을 상기 생성된 다수의 테이블 개수로 mod한 값이 상기 순차적으로 생성된 다수의 테이블 순번에 해당되고 상기 순번에 해당되는 테이블을 추출하는 테이블 추출부와;The value modulated by the total number of data values of each of the sequentially generated multiple tables with the number of the generated multiple tables corresponds to the sequentially generated multiple table sequence numbers and extracts the tables corresponding to the sequence numbers A table extraction unit; 상기 추출된 테이블이 갖는 데이터값의 총합을 테이블 크기로 mod한 값이 테이블 난수의 제 1 데이터위치값이이면서 상기 제 1 데이터위치값에 해당하는 난수를 제 1 키로 설정하고 상기 제 1 데이터위치값에 해당하는 난수를 테이블 크기로 mod한 값이 테이블 난수의 제 2 데이터위치값이면서 상기 제 2 데이터위치값에 해당하는 난수를 제 2 키로 설정하는 방식으로 키 길이 만큼 반복하여 키를 설정하는 키 설정부와; 및A value modulated by summing the sum of the data values of the extracted table into a table size is the first data position value of the table random number, and sets a random number corresponding to the first data position value as a first key and the first data position value. A key setting that repeatedly sets the key by a key length by setting the random number corresponding to the table size as the second data position value of the table random number and setting the random number corresponding to the second data position value as the second key Wealth; And 상기 키 길이 만큼 생성된 키를 데이터와 결합하여 암호화하고 서명한 후 저장하는 저장부로 이루어진 것을 특징으로 하는 데이터를 안전하게 보호하는 암호화 키 생성 모듈.An encryption key generation module for securely protecting data, comprising a storage unit that encrypts the key generated by the length of the key with data, encrypts it, and stores it. 청구항 1에 있어서, 상기 키 설정부는The method according to claim 1, The key setting unit 상기 키의 길이 만큼 키를 생성하는 과정에서 키가 연속적으로 동일 키를 생성하면 상기 동일 키를 생성하도록 하는 난수를 재생성하는 것을 특징으로 하는 데이터를 안전하게 보호하는 암호화 키 생성 모듈.In the process of generating a key for the length of the key, an encryption key generation module for safeguarding data, characterized in that when the key continuously generates the same key, regenerates a random number to generate the same key. 청구항 1에 있어서, 상기 키 설정부는The method according to claim 1, The key setting unit 장치마다 생성된 자체 생성 난수를 이용하는 것을 특징으로 하는 데이터를 안전하게 보호하는 암호화 키 생성 모듈.An encryption key generation module for securely protecting data characterized by using a self-generated random number generated for each device. 청구항 1에 있어서,The method according to claim 1, 상기 키의 길이 만큼 반복하여 설정된 키는 암호화시 사용됨에 따라 복호화시 동일한 대칭키 암호화 알고리즘을 사용하고 동일한 키를 사용하는 것을 특징으로 하는 데이터를 안전하게 보호하는 암호화 키 생성 모듈.The encryption key generation module that securely protects data characterized by using the same symmetric key encryption algorithm and using the same key when decrypting, as the key set repeatedly by the length of the key is used during encryption.
PCT/KR2019/002610 2018-09-27 2019-03-06 Encryption key generation module for protecting data securely Ceased WO2020067616A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2018-0114800 2018-09-27
KR1020180114800A KR101932680B1 (en) 2018-09-27 2018-09-27 A module device for generating an encryption key for securely protecting data

Publications (1)

Publication Number Publication Date
WO2020067616A1 true WO2020067616A1 (en) 2020-04-02

Family

ID=65006435

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2019/002610 Ceased WO2020067616A1 (en) 2018-09-27 2019-03-06 Encryption key generation module for protecting data securely

Country Status (2)

Country Link
KR (1) KR101932680B1 (en)
WO (1) WO2020067616A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7127428B2 (en) * 2002-05-13 2006-10-24 Thomson Licensing Dynamic business relationship establishment in a public wireless LAN environment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030105967A1 (en) * 2001-11-30 2003-06-05 Nam Sang Joon Apparatus for encrypting data and method thereof
KR20060014356A (en) * 2002-07-27 2006-02-15 엑스트림 시큐리티 솔루션즈 엘티디., 엘엘씨 Apparatus and method for encryption and decryption
US20120237024A1 (en) * 2011-03-18 2012-09-20 Wei-Ti Liu Security System Using Physical Key for Cryptographic Processes
US20150163051A1 (en) * 2012-06-28 2015-06-11 Nec Corporation Encryption device, encryption method and program
KR20170085921A (en) * 2016-01-15 2017-07-25 단국대학교 산학협력단 Apparatus and method for encrypting and decrypting

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030105967A1 (en) * 2001-11-30 2003-06-05 Nam Sang Joon Apparatus for encrypting data and method thereof
KR20060014356A (en) * 2002-07-27 2006-02-15 엑스트림 시큐리티 솔루션즈 엘티디., 엘엘씨 Apparatus and method for encryption and decryption
US20120237024A1 (en) * 2011-03-18 2012-09-20 Wei-Ti Liu Security System Using Physical Key for Cryptographic Processes
US20150163051A1 (en) * 2012-06-28 2015-06-11 Nec Corporation Encryption device, encryption method and program
KR20170085921A (en) * 2016-01-15 2017-07-25 단국대학교 산학협력단 Apparatus and method for encrypting and decrypting

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7127428B2 (en) * 2002-05-13 2006-10-24 Thomson Licensing Dynamic business relationship establishment in a public wireless LAN environment

Also Published As

Publication number Publication date
KR101932680B1 (en) 2018-12-26

Similar Documents

Publication Publication Date Title
US10187200B1 (en) System and method for generating a multi-stage key for use in cryptographic operations
CN103532707B (en) Systems and methods for determining programmable processing steps to apply in securing data
Nafi et al. A newer user authentication, file encryption and distributed server based cloud computing security architecture
JP6267207B2 (en) System for generating an encryption key from memory used as a physical non-clonal function
CN105450620B (en) A kind of information processing method and device
ES2890138T3 (en) Method to protect a crypto process with Sbox against higher order side channel attacks
CN105722067B (en) Data method for encryption/decryption and device on mobile terminal
US20180152290A1 (en) Method and system for encrypting and decrypting two-dimensional code mask
CN101908113B (en) Authentication method and authentication system
KR20130129170A (en) Storage device and method for providing a partially-encrypted content file to a host device
CN106341384A (en) Methods for facilitating secure communication
US20160149879A1 (en) Method for generating cryptographic "one-time pads" and keys for secure network communications
CN103853943B (en) program protection method and device
JP2010517449A (en) Secret protection for untrusted recipients
WO2018186543A1 (en) Data encryption method and system using device authentication key
WO2020235942A9 (en) System for restoring lost private key
CN108924087A (en) Cloud virtual machine intellectual property method for effective protecting is realized based on No. UUID and MAC Address
CN106031079B (en) Operator Promotion in Cryptographic Algorithms
WO2020067616A1 (en) Encryption key generation module for protecting data securely
CN103177224A (en) Method and device for data protection of external memory card of terminal
US10110373B2 (en) System and method for manipulating both the plaintext and ciphertext of an encryption process prior to dissemination to an intended recipient
Reddy et al. Enhanced key establishment technique for secure data access in cloud
KR20040052304A (en) Security apparatus and method for digital hardware system
EP3391607A1 (en) Method of generating a pseudonym associated with a communication device, a network node, computer program and computer program product
KR101194403B1 (en) Apparatus of generating cryptographically secure pseudo random number and method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19864444

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19864444

Country of ref document: EP

Kind code of ref document: A1