Browse Prior Art Database

A method to implement irreversible security exchanging for Web Services

IP.com Disclosure Number: IPCOM000237669D
Publication Date: 2014-Jul-02
Document File: 8 page(s) / 285K

Publishing Venue

The IP.com Prior Art Database

Abstract

Security is crucial when Web services exchange business data. Negative financial or legal consequences can result if data is intercepted by third parties, or if fraudulent data is accepted as valid. WS-Security is well-known standardized technologies at this area. Normally public-key cryptography is used in WS-Security to support encryption and signing of message exchanged between parties involved. The approach to generate and manage public/private keys is the core technology to ensure confidentiality, integrity and authenticity, especially in a complicated, multiple parties involved, distributed network. The current invention discloses one method for better and safer key generation and management in distributed network topology.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 31% of the total text.

Page 01 of 8

A method to implement irreversible security exchanging for Web Services

Background:

Security is crucial when Web services exchange business data. Negative financial or legal consequences can result if data is intercepted by third parties, or if fraudulent data is accepted as valid. WS-Security is well-known standardized technologies at this area. Normally public-key cryptography is used in WS-Security to support encryption and signing of message exchanged between parties involved. The approach to generate and manage public/private keys is the core technology to ensure confidentiality, integrity and authenticity, especially in a complicated, multiple parties involved, distributed network. The current invention discloses one method for better and safer key generation and management in distributed network topology.

Prior Arts:


1. [Open Algorithm 1]Traditional Lagrange Interpolation

Based on the traditional Lagrange Interpolation, threshold key sharing method a (t,n ) is comprised of three parts: system parameters, secret distribution algorithm and secret reconstruction algorithm. Here n represent to the participants number and t is the threshold to reconstruct the secret.


(1) System parameters: the private key S is the secret to be shared, and is defined in a finite field where p is a prime greater than S and n ;

are different integers defined in , which are represented as the public identification of n participants.


(2) Secret distribution algorithm: a (t-1 )-degree polynomial

in the finite field is chosen, where

are random integers and ; then the key pieces

are calculated and delivered to each responding holder.


(3) Secret reconstruction algorithm: t coordinates

can be acquired through any t holders' cooperation. According to Lagrange interpolation polynomial:

,after a new user receives at least t key pieces, it can reconstruct the secret keyS .

Why additional solution required
Traditional Lagrange Interpolation just anopen algorithm, which not takesdetailed transmission,trust measurement and key lifecycle maintenance in to consideration. It can't be put into use directly.

1


Page 02 of 8

2. [Existed Existed

technology]Key management in WS Key management in WS- --Security

Security Security

WS-Securityuses public and privatekeys to encrypt and decryptdata and use the Hash algorithmto validate the integrity of the encrypted data.

It has following

It has following

disadvantages:


(1) If the public/private key is intercepted and cracked by third party, itmight be used for message decryption or fraudulence, and then lead to serious vulnerabilities to all parties involved in the distributed network.

(2) Hash algorithmcan be inversed,the keymay be forgedand deceivethe validator.

Our improvement ccompared to pre-arts

The assignment of key pieces is more secure because of the integers d

i

, which means the trusted node with higher

trust degree will hold more key pieces.

Preventing transportation attack by adding validation field in key...