Background
In an age of rapid development of internet technology, the electronic data that users generate on their own devices has grown explosively. It is expected that by 2025, global user-generated data will be as high as 163 ZB. To prevent users' data from being accidentally lost or stolen, to ensure that users can access their data in real time, and to improve the efficiency and flexibility with which that data is used, more and more cloud service providers (for example, Google Drive, OneDrive, Baidu Cloud, Alibaba Cloud and the like) have emerged. They provide cloud storage services that help users manage their data. A cloud storage service offers a data management mode for online data storage: a user does not need to store the data locally, only needs to upload it to a cloud server over the network, and can then remotely access the outsourced data from different devices as required.
Users perform cryptographic operations on hardware devices (e.g., desktops, notebooks, etc.), which may be exposed to backdoor attacks. The disclosures of Edward Snowden revealed that an attacker may embed a backdoor in the hardware, software, and standard protocols used by the user in order to obtain the user's private information. A notable case is that the National Security Agency set a backdoor in a public encryption standard and intercepted users' communications made under that standard in order to recover their private information. The high complexity of modern cryptography makes it difficult even for experts to discover such vulnerabilities, let alone average users. The attacker intentionally embeds the backdoor in hardware, software and standard protocols and masks his traces by cryptographic means, which makes the attack even harder for users to find. The hardware used by the user may therefore contain an embedded backdoor, so that the adversary can recover the user's password bit by bit by intercepting the messages exchanged between the user and the outside.
Furthermore, if the data outsourced by the user is stored on the cloud server in plaintext, then once the cloud server is compromised the outsourced data faces the risk of leakage or even permanent loss. This may result in irrecoverable losses to the user and damage the reputation of the cloud service provider. Unfortunately, large-scale database leakage events have occurred frequently.
In the encryption algorithm of the user terminal, under normal conditions, a user selects a random number as an encryption key, and the data of the user terminal is encrypted and stored to the cloud server terminal by utilizing the symmetric encryption algorithm. However, this method has a disadvantage in that the user must secure the encryption key, and once the key is leaked or lost, leakage or even permanent loss of the user outsourced data may result.
Currently, encrypting a user's data before saving it is the most effective method for ensuring the security of outsourced data, and password-based encryption is the most convenient encryption algorithm: the user ensures the security of the outsourced data while holding only one password, and can decrypt all outsourced data as required. In a password-based encryption algorithm, the user does not need to store any secret information other than the password, so the algorithm has obvious advantages in efficiency and convenience. However, due to the limitations of passwords themselves, it presents security issues in protecting the outsourced data. If the outsourced data is encrypted directly with the user's password, then after compromising the cloud server the adversary can enumerate all possible passwords and try to decrypt the ciphertext with each one until meaningful plaintext data is obtained; this attack is called a password guessing attack.
To solve this problem, password-protected secret sharing (PPSS) is a common key management method. The approach was first proposed by Ford et al.: a user splits his own secret value (which may be any form of information, generally understood as an encryption key used by the user to protect his own outsourced data) into n shares and stores them on n speed limiters. In the key recovery stage, the user uses his own password to authenticate himself to each speed limiter through a public key infrastructure (PKI); after successful authentication, the encryption key is recovered from the n secret values, and the outsourced data is then obtained by decryption. Thereafter, Jablon et al. proposed a password-based secret recovery algorithm that removes the PKI. Bagherzandi et al. were the first to raise the above algorithm to the level of a cryptographic primitive, referred to as password-protected secret sharing (PPSS). In PPSS, a group of speed limiters generates and shares a speed limiter-side key through a (t, n)-threshold secret sharing protocol, with each speed limiter holding a subkey. The user selects an encryption key, encrypts the password and the encryption key, and then stores the encrypted password and the encrypted encryption key on the n speed limiters in a distributed manner. In the decryption stage, after entering the password the user interacts with the n speed limiters, and can recover the encryption key only after entering the correct password and obtaining responses from t speed limiters. Building on the work of Bagherzandi et al., many subsequent works constructed password-protected secret sharing algorithms based on PPSS.
In current PPSS algorithms, users interact with the speed limiter group using passwords to store encryption keys in a distributed manner, thereby ensuring the security of their outsourced data. The encryption key is single and static, i.e. the encryption key a user uses to protect outsourced data is fixed. Once the adversary obtains the decryption key of the user's outsourced data, all data related to the user can be recovered after the cloud server is compromised; this attack is called a static key leakage attack. If the user chooses different encryption keys to encrypt different outsourced data, the secret sharing protocol has to be run with the speed limiter group multiple times, which obviously increases the computational overhead and the communication overhead. Therefore, how to design a user-side encryption algorithm that can directly derive multiple encryption keys from a single password and is both secure and efficient is a problem that needs to be studied in depth.
Disclosure of Invention
The encryption key in existing PPSS algorithms is single and static, which leaves it exposed to static key leakage attacks; in addition, an attacker may embed a backdoor in the hardware, software and standard protocols used by the user, so that the user's private information is leaked. To solve these problems, the invention provides a data confidentiality method that derives a plurality of encryption keys from a single password and resists backdoor attacks.
In order to achieve the above object, the present invention provides the following technical solutions:
a data security method for deriving multiple encryption keys from a single password and being resistant to back door attacks, comprising the steps of:
The method comprises the steps of carrying out hash transformation on a user name and a password to obtain a first temporary key, sending the first temporary key to a speed limiter after blinding treatment, receiving an identity key obtained after the speed limiter encrypts the first temporary key after blinding treatment and blinds removal, generating a first public key and a first private key through the identity key, storing the user name and the first public key in a server, and finishing registration at the server;
Obtaining a pseudo random value and data to be encrypted, carrying out hash transformation to generate a key, carrying out hash transformation on a user name and a password to obtain a first hash value, carrying out hash transformation on the user name and the key to obtain a second hash value, carrying out blind processing on the first hash value and the second hash value respectively, sending the second hash value to a speed limiter, receiving an encryption key obtained by the speed limiter after carrying out encryption processing on the first hash value and the second hash value after carrying out blind processing and removing the blind processing, encrypting plaintext data by using the encryption key to generate ciphertext, and sending the key and the ciphertext to a server.
Further, performing hash transformation processing on a user name and a password to obtain a second temporary key, performing blinding processing on the second temporary key, sending the second temporary key to a speed limiter, receiving the second temporary key subjected to blinding processing by the speed limiter, recovering the second temporary key to obtain the identity key after blinding processing, recovering a first public key and a first private key through the identity key, generating a signature by using the first private key and the user name, and sending the signature to a server;
receiving a ciphertext and a key returned after the server passes the signature through the first public key verification; hash conversion is carried out on the user name and the password to obtain a third hash value, hash conversion is carried out on the user name and the key to obtain a fourth hash value, the third hash value and the fourth hash value are subjected to blind processing respectively and then are sent to a speed limiter, a decryption key obtained after the speed limiter encrypts the third hash value and the fourth hash value subjected to blind processing and then is subjected to blind processing is received, and the ciphertext is decrypted by using the decryption key to generate a plaintext.
Further, the step of obtaining a first temporary key after hash transformation is performed on the user name and the password, sending the first temporary key to the speed limiter after blinding, and receiving the identity key obtained after the speed limiter encrypts the first temporary key after blinding and blinds removal comprises the following steps:
Carrying out hash transformation on the user name and the password and obtaining a first temporary key after local blinding treatment;
The first temporary key is sent to a speed limiter after the reverse firewall blinding treatment;
And receiving the identity key which is subjected to the processes of encryption, reverse firewall blinding and local blinding of the first temporary key which is subjected to the blinding process sequentially through the speed limiter terminal.
Further, the steps of performing blinding processing on the first hash value and the second hash value, sending the blinded processed first hash value and the second hash value to the speed limiter, and receiving an encryption key obtained by performing encryption processing on the blinded first hash value and the blinded second hash value through the speed limiter, and performing blind removal on the encryption key include:
respectively carrying out local blinding treatment on the first hash value and the second hash value to obtain two first intermediate keys;
Sending the two first intermediate keys to a speed limiter after blinding treatment of a reverse firewall;
And receiving the encryption keys after two first intermediate key encryption processes, reverse firewall blinding and local blinding processes which are performed by the speed limiter end in sequence.
Further, the step of obtaining the second temporary key after hash transformation processing is performed on the user name and the password, blinding the second temporary key and sending the second temporary key to the speed limiter, and recovering the identity key after blinding the second temporary key by the speed limiter comprises the steps of:
carrying out hash transformation on the user name and the password and obtaining a second temporary key after local blinding treatment;
the second temporary key is sent to a speed limiter after the reverse firewall blinding treatment;
And receiving the identity key which is subjected to the second temporary key encryption processing, reverse firewall blinding processing and local blinding processing after the blinding processing sequentially by the speed limiter terminal.
Further, the step of blinding the third hash value and the fourth hash value, sending the blinded third hash value and the fourth hash value to the speed limiter, and receiving the decryption key obtained by the speed limiter after the blinding the third hash value and the fourth hash value, and the blinding the decryption key includes:
carrying out local blinding treatment on the third hash value and the fourth hash value to obtain two second intermediate keys;
sending the two second intermediate keys to a speed limiter after blinding treatment of a reverse firewall;
and receiving the decryption keys after two second intermediate key encryption processing, reverse firewall blinding and local blinding processing which are performed by the speed limiter end in sequence.
Further, the reverse firewall blinding step includes:
After the reverse firewall receives t effective messages sent by the speed limiter end, the reverse firewall passes through the formula
Blinding the valid messages sent by the speed limiter end and synthesizing a temporary intermediate value φ′, where γ′^-1 and θ′^-1 are the inverses of γ′ and θ′ respectively, γ′ and θ′ are the blinding parameters, and ci is a message sent by the speed limiter end;
The reverse firewall passes through the formula
e(φ′,P)=e(b·b′,pk)
Judging the validity of the temporary intermediate value φ′, where b and b′ are the messages the reverse firewall receives from the user terminal, pk is the public key of the speed limiter end, and P is a generator of the additive cyclic group used to generate the pseudo-random value and the blinding parameters;
if the verification is passed, the reverse firewall sends the temporary intermediate value φ′ to the user side; otherwise, it refuses to send the message.
Further, the related expression for generating the first public key and the first private key through the identity key is as follows:
key1=h(1||un||pw||h(ω))
key2=h(2||un||pw||h(ω))
ε=H1(IDcs||un)
usk=key1·H2(ε)
upk=usk·P
Where un is the user name, pw is the password, ω is the identity key, IDcs is a unique identifier of the server identity, P is a generator of the additive cyclic group used to generate the pseudo-random value and the blinding parameters, H2(·), H1(·) and h(·) are hash functions, usk is the first private key, and upk is the first public key.
Further, the speed limiter terminal encryption adopts a speed limiter terminal key generated through a complete distributed threshold key sharing protocol to encrypt the received data.
The data confidentiality method for deriving a plurality of encryption keys from a single password and resisting back door attack has the following beneficial effects:
After the hash transformation processing is carried out on the single password, the user name, the pseudo-random number and the data to be encrypted, a plurality of key data such as an identity key, an encryption key and the like are derived, the identity of the user is registered through the identity key, the identity of the user is safely verified when the stored data are obtained later, the ciphertext and the key are returned to the user side, the outsourcing data of the user can be effectively protected, the adversary is prevented from recovering the data of the user through password guessing attack, and the safety of the user data in the obtaining process is enhanced.
The encryption key generated in the method is generated after the encryption processing is carried out on the pseudo-random value and the data to be encrypted, so that the encryption key used for the data to be encrypted is a dynamically generated different encryption key each time, namely, the key used for protecting the data outsourced by the user is not fixed, and even if an adversary obtains the encryption key of a certain user for a certain time, all data related to the user cannot be recovered, therefore, the method can prevent static key leakage attack.
In the method, blinding is applied whenever key data is derived from the single password, so that a malicious attacker cannot obtain any data information related to the attribute, and the access control mechanism becomes safer and more reliable. This defends against an attacker who deliberately embeds a backdoor in hardware, software and standard protocols and covers his tracks by cryptographic means. The invention is therefore a method for encrypting outsourced data at the user end that can resist backdoor attacks.
The scheme improves the safety and reliability of user data encryption by the method for carrying out multiple encryption and blinding processing on the data.
Detailed Description
The present invention will be described in detail below with reference to the drawings and the embodiments, so that those skilled in the art can better understand the technical scheme of the present invention and can implement the same. The following examples are only for more clearly illustrating the technical aspects of the present invention, and are not intended to limit the scope of the present invention.
Method embodiment
The invention provides a data confidentiality method for deriving a plurality of encryption keys from a single password and resisting back door attacks. The scheme comprises the following steps.
Step 1. Initialization.
The system initializes the security parameter and the public parameters; the speed limiter group generates and shares a speed limiter end key k by using a fully distributed threshold key sharing protocol, the corresponding public key is pk, each speed limiter obtains a speed limiter terminal key ki, and the corresponding sub-public key is pki.
The specific process of the step 1 is as follows:
The public parameters are PP = {p, P, G, GT, e, h(·), H(·), H1(·), H2(·), Enc, Dec}, where G is an additive cyclic group of prime order p with generator P, GT is a multiplicative cyclic group, and e: G×G → GT is a bilinear pairing; is a finite field, H(·): {0,1}* → G, where H(·), H1(·), H2(·) are hash functions; Enc is a secure symmetric encryption algorithm (e.g., AES), and Dec is a secure symmetric decryption algorithm.
The n speed limiters KSγ, where 1 ≤ γ ≤ n, interact to share a secret value ki specific to each user. The specific process is as follows:
Step 1-1. Each speed limiter KSγ makes its random selection and chooses a polynomial fγ(x) = br,0 + br,1·x + br,2·x^2 + … + br,t-1·x^(t-1) of degree t-1, where 2 ≤ t < n.
Step 1-2. Speed limiter KSγ sends {br,0·P, br,1·P, br,2·P, …, br,t-1·P} and fγ(ω) to the other speed limiters KSω, where 1 ≤ ω < n, ω ≠ γ.
Step 1-3. Speed limiter KSγ receives fω(γ) from the other speed limiters KSω and verifies the formula. If the formula is not satisfied, the verification fails and speed limiter KSγ refuses to accept fω(γ); otherwise, speed limiter KSγ accepts fω(γ).
Step 1-4. Speed limiter KSγ calculates its own secret key ki,γ and its own public key PKi,γ = ki,γ·P; the user-specific subkey value is ki, and the sub-public key value is pki = ki·P.
Step 2. The user registers on the cloud server side.
As shown in fig. 1, the user, using his own user name un and password pw, generates a key σ (the identity key) by executing an oblivious pseudo-random function with the speed limiter group. σ is determined jointly by the user name un, the user password pw and the speed limiter side key k. Based on a verifiable random function, the user uses σ to generate a public-private key pair comprising a first public key upk and a first private key usk, and stores the user name un and upk at the cloud server side. The reverse firewall sits between the user and the speed limiter group; it re-randomizes each message it receives and forwards it to the other entity.
The specific process of step 2 is as follows:
Step 2-1. The user randomly selects α, calculates x = α·H(pw||un) with his own device and sends x to the reverse firewall. The reverse firewall randomly selects β, calculates x′ = β·x and sends x′ to the speed limiter group.
Step 2-2. After each speed limiter Ri (i ∈ [1, n]) receives the message sent by the user, it calculates yi = ki·x′ using the subkey value ki kept secret for that user, and sends yi to the user.
Step 2-3. When the messages yi sent by the speed limiter group pass through the user's reverse firewall, the reverse firewall judges the validity of each yi using the formula e(yi, P) = e(x′, pki). Once t valid messages have been received, the reverse firewall computes σ′, where β^-1 is the inverse of β. The reverse firewall then determines the validity of σ′ by the formula e(σ′, P) = e(x, pk). If the verification is passed, the reverse firewall sends σ′ to the user; otherwise, it refuses to send the message.
Step 2-4. After the user receives σ′, he calculates σ = α^-1·σ′, where α^-1 is the inverse of α, and determines whether the formula e(σ, P) = e(H(pw||un), pk) holds. σ is valid if the equation holds; otherwise, the message σ′ is ignored.
Step 2-5. Using his own device, the user calculates key1 = h(1||un||pw||h(σ)), key2 = h(2||un||pw||h(σ)), τ = H1(IDcs||un), where IDcs is a unique identifier of the cloud server identity. The user generates a password-derived public-private key pair: the first private key usk = key1·H2(τ) and the first public key upk = usk·P. The user then deletes all locally calculated information, stores only his own password pw, and sends (μ, π, un, upk) to the cloud server.
Step 2-6. After the cloud server receives the request, it judges whether μ = e(P, π) holds. If so, it stores un and upk in the cloud server; otherwise, it rejects the message.
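The blinded exchange of steps 2-1 to 2-5, as an added Python example that is not code from the patent. Assumptions: a prime-order subgroup of Z_p* (written multiplicatively) stands in for the pairing group G, so the e(·,·) validity checks are not reproduced; a trusted-dealer Shamir sharing stands in for the step 1 key-sharing protocol; the firewall combines replies by Lagrange interpolation; all function names and sample values are constructed.

```python
import hashlib
import secrets

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin test, used only to build the constructed demo group."""
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

# Constructed demo group (assumption): order-Q subgroup of Z_p*, p = COFACTOR*Q + 1.
# The page's additive k*X is written multiplicatively here as X**k mod p.
Q = 2**127 - 1
COFACTOR = next(c for c in range(2, 1 << 20, 2) if is_probable_prime(c * Q + 1))
P_MOD = COFACTOR * Q + 1

def h_int(*parts):
    """h(.): SHA-256 over length-prefixed parts, returned as an integer."""
    d = hashlib.sha256()
    for part in parts:
        raw = str(part).encode()
        d.update(len(raw).to_bytes(4, "big") + raw)
    return int.from_bytes(d.digest(), "big")

def hash_to_group(*parts):
    """H(.): {0,1}* -> G, mapping the digest into the order-Q subgroup."""
    return pow(h_int("H", *parts) % P_MOD, COFACTOR, P_MOD)

G_GEN = hash_to_group("generator")  # plays the role of the generator P

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1

def deal_shares(n, t):
    """Trusted-dealer Shamir sharing of k (stand-in for the step 1 protocol)."""
    coeffs = [rand_scalar() for _ in range(t)]
    shares = {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return coeffs[0], shares

def lagrange_at_zero(i, ids):
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def blind(element):
    """Apply a fresh random scalar (alpha for the user, beta for the firewall)."""
    r = rand_scalar()
    return r, pow(element, r, P_MOD)

def unblind(r, element):
    return pow(element, pow(r, -1, Q), P_MOD)

def firewall_combine(beta, replies, t):
    """Interpolate t replies at 0, then strip the firewall's blind: sigma'."""
    if len(replies) < t:
        raise ValueError("fewer than t speed limiter replies")
    ids = sorted(replies)[:t]
    acc = 1
    for i in ids:
        acc = acc * pow(replies[i], lagrange_at_zero(i, ids), P_MOD) % P_MOD
    return unblind(beta, acc)

def run_step2(pw, un, shares, t, responders):
    """Steps 2-1 to 2-4; returns (x' as seen by the limiters, sigma)."""
    alpha, x = blind(hash_to_group(pw, un))      # user: x = alpha * H(pw||un)
    beta, x_prime = blind(x)                     # firewall: x' = beta * x
    replies = {i: pow(x_prime, shares[i], P_MOD) for i in responders}  # y_i = k_i * x'
    return x_prime, unblind(alpha, firewall_combine(beta, replies, t))

def derive_keypair(un, pw, sigma, id_cs):
    """Step 2-5: key1 = h(1||un||pw||h(sigma)), usk = key1*H2(tau), upk = usk*P."""
    key1 = h_int(1, un, pw, h_int(sigma)) % Q
    tau = h_int("H1", id_cs, un)
    usk = key1 * (h_int("H2", tau) % Q) % Q
    return usk, pow(G_GEN, usk, P_MOD)

if __name__ == "__main__":
    k, shares = deal_shares(n=5, t=3)
    sigma_a = run_step2("correct horse", "alice", shares, 3, [1, 2, 3])[1]
    sigma_b = run_step2("correct horse", "alice", shares, 3, [2, 4, 5])[1]
    print("same identity key from either quorum:", sigma_a == sigma_b)
```

The speed limiters only ever see x′, which changes on every run, while σ and the key pair derived from it depend only on un, pw and k.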
Step 3. The user derives an encryption key from the password, encrypts the outsourced data M and stores the encrypted data in the cloud server.
As shown in fig. 2, the user selects a random number ρ and calculates a key key = h(M, ρ). Using the user name un, the password pw and key, the user generates a symmetric key φ (the encryption key) by executing an oblivious pseudo-random function with the speed limiter group. φ is determined jointly by un, pw, key and the speed limiter side key k. The user encrypts the outsourced data M using φ. The reverse firewall sits between the user and the speed limiter group; it re-randomizes each message it receives and forwards it to the other entity.
The specific process of step 3 is as follows:
Step 3-1. The user inputs a user name un and a password pw on his own device, selects a random number ρ, and calculates a key key = h(M, ρ), where h(·) is a hash function and M is the data to be outsourced by the user.
Step 3-2. The user randomly selects γ and θ, calculates a first hash value b = γ·H(pw||un) and a second hash value b′ = θ·H(key||un), and sends b and b′ to the reverse firewall.
Step 3-3. After receiving them, the reverse firewall selects random numbers γ′ and θ′, calculates z = γ′·b and z′ = θ′·b′, and sends z and z′ to the speed limiter group.
Step 3-4. After each speed limiter Ri (i ∈ [1, n]) receives the message sent by the user, it calculates ci = ki·z·z′ using the subkey value ki kept secret for that user, and sends ci to the user.
Step 3-5. When the messages ci sent by the speed limiter group pass through the user's reverse firewall, the reverse firewall judges the validity of each ci using the formula e(ci, P) = e(z·z′, pki). Once t valid messages have been received, the reverse firewall computes φ′, where γ′^-1 and θ′^-1 are the inverses of γ′ and θ′ respectively. The reverse firewall then determines the validity of φ′ by the formula e(φ′, P) = e(b·b′, pk). If the verification is passed, the reverse firewall sends φ′ to the user; otherwise, it refuses to send the message.
Step 3-6. After receiving φ′, the user calculates φ = θ^-1·γ^-1·φ′, where θ^-1 is the inverse of θ and γ^-1 is the inverse of γ, and determines whether the formula e(φ, P) = e(H(pw||un)·H(key||un), pk) holds. If the equation holds, φ is valid; otherwise, the message φ′ is ignored.
Step 3-7. The user encrypts the plaintext with the generated key φ (the encryption key), producing the ciphertext c = Enc(φ, M), where Enc is a symmetric encryption algorithm, and sends C = (c, key) to the cloud server for storage.
Step 4. The user interacts with the speed limiter group to recover the user's outsourced data.
As shown in fig. 3, the user, using his own user name un and password pw, recovers the key σ (the identity key) by executing an oblivious pseudo-random function with the speed limiter group. The reverse firewall sits between the user and the speed limiter group; it re-randomizes each message it receives and forwards it to the receiving entity. Based on the verifiable random function, the user uses σ to recover the public-private key pair (upk, usk), comprising the first public key upk and the first private key usk, generates a signature ε for the user's identity using usk, and sends ε to the cloud server. The cloud server uses the previously saved upk to determine the validity of ε with a verification algorithm. If the verification passes, the cloud server returns the ciphertext C = (c, key).
After receiving C, the user hashes the key and, using the user name un, the password pw and key, generates a decryption key ψ by executing an oblivious pseudo-random function with the speed limiter group. ψ is determined jointly by un, pw, key and the speed limiter side key k. The user recovers the outsourced message M = Dec(ψ, c), where Dec is a symmetric decryption algorithm. The reverse firewall sits between the user and the speed limiter group; it re-randomizes each message it receives and forwards it to the receiving entity.
The specific process of the step 4 is as follows:
Step 4-1. The user randomly selects η, calculates the second temporary key d = η·H(pw||un) with his own device and sends d to the reverse firewall. The reverse firewall randomly selects λ, calculates d′ = λ·d and sends d′ to the speed limiter group.
Step 4-2. After each speed limiter Ri (i ∈ [1, n]) receives the message sent by the user, it calculates qi = ki·d′ using the subkey value ki kept secret for that user, and sends qi to the user.
Step 4-3. When the messages qi sent by the speed limiter group pass through the user's reverse firewall, the reverse firewall uses the formula e(qi, P) = e(d′, pki) to judge the validity of each qi. Once t valid messages have been received, the reverse firewall computes ω′, where μ^-1 is the inverse of μ. The reverse firewall then determines the validity of ω′ by the formula e(ω′, P) = e(d, pk). If the verification is passed, the reverse firewall sends ω′ to the user; otherwise, it refuses to send the message.
Step 4-4. After receiving ω′, the user calculates ω = η^-1·ω′, where η^-1 is the inverse of η, and determines whether the formula e(ω, P) = e(H(pw||un), pk) holds. ω (the identity key) is valid if the equation holds; otherwise, the message ω′ is ignored. Here ω and σ are the same value: the random numbers chosen in each run differ, but they cancel out when the formula is evaluated.
Step 4-5. Using his own device, the user calculates key1 = h(1||un||pw||h(ω)), key2 = h(2||un||pw||h(ω)), ε = H1(IDcs||un), where IDcs is a unique identifier of the cloud server identity. The user obtains the first private key usk = key1·H2(ε) and the first public key upk = usk·P. The user generates a signature e = Sig(usk, un) for the user identity using usk and un, and sends e to the server.
Step 4-6. The cloud server receives the signature and judges its validity with a verification algorithm, using the upk stored previously. If the verification passes, the cloud server returns the ciphertext C = (c, key).
Step 4-7. After the user obtains C, the subsequent calculation uses the key contained in it. The user randomly selects f and g, calculates a third hash value m = f·H(pw||un) and a fourth hash value m′ = g·H(key||un), and sends m and m′ to the reverse firewall.
Step 4-8. After receiving them, the reverse firewall selects random numbers f′ and g′, calculates n = f′·m and n′ = g′·m′, and sends n and n′ to the speed limiter group.
Step 4-9. After each speed limiter Ri (i ∈ [1, n]) receives the message sent by the user, it calculates ji = ki·n·n′ using the subkey value ki kept secret for that user, and sends ji to the user.
Step 4-10. When the messages ji sent by the speed limiter group pass through the user's reverse firewall, the reverse firewall uses the formula e(ji, P) = e(n·n′, pki) to judge the validity of each ji. Once t valid messages have been received, the reverse firewall computes ψ′, where f′^-1 and g′^-1 are the inverses of f′ and g′ respectively. The reverse firewall then judges the validity of ψ′ by the formula e(ψ′, P) = e(m·m′, pk). If the verification is passed, the reverse firewall sends ψ′ to the user; otherwise, it refuses to send the message.
Step 4-11. After the user receives ψ′, he calculates ψ = f^-1·g^-1·ψ′, where f^-1 is the inverse of f and g^-1 is the inverse of g, and determines whether the formula e(ψ, P) = e(H(pw||un)·H(key||un), pk) holds. If the equation holds, ψ is valid; otherwise, the message ψ′ is ignored.
Step 4-12. The user decrypts the ciphertext with the generated key ψ (the decryption key) using the decryption algorithm M = Dec(ψ, c), where Dec is a symmetric decryption algorithm, and obtains the plaintext M.
The invention realizes a secure and efficient user-side encryption algorithm that can directly derive multiple encryption keys from a single password, provides an algorithm for encrypting outsourced data at the client, and can resist backdoor attacks.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that the above-described embodiments will enable those skilled in the art to more fully understand the invention, but do not limit it in any way. Thus, although the present invention has been described in detail with reference to the present specification and examples, it should be understood by those skilled in the art that the present invention may be modified or equivalents; all technical schemes and improvements which do not depart from the spirit and scope of the invention are covered by the protection scope of the invention. Any reference sign in a claim should not be construed as limiting the claim concerned.