61results about "Key distribution for secure communication" patented technology

A system, method, and computer product that accelerates encryption and decryption of data while using both a static key and a dynamic key. The present invention eliminates intermediate decryption of data that is transmitted between computer systems. More particularly, encryption efficiency is improved by eliminating decryption of the statically encrypted data while incorporating the advantages of a dynamic key such as enabling rapid change of the dynamic key. The efficiency improvements reduce the computer resources required to protect the data and therefore stronger data encryption may be enabled with the saved computer resources. End-to-end security of the data is maintained without the need for trusted data servers.

A trusted third-party authentication protocol that facilitates secure commercial transactions over computer networks between a merchant and a user. The method and system of the present invention generally involves three entities: 1) a guarantor, which acts as a trusted arbitrator, 2) a merchant, and 3) a consumer or user. In one embodiment, the guarantor authenticates users and provides authentication documents back to the user for use in transactions with merchants. The authentication document generated by the guarantor can be used as a means to validate a user's identity and/or to provide authorization/validation of a specific transaction.

A communication apparatus capable of easily identifying a communication partner and securely sharing a session key between the communication apparatus and the communication partner even if the communication apparatus has a processing power that is not so high includes a short-range active communication unit 101 transmitting an inquiry signal to a short-range external communication apparatus by electromagnetic waves and waiting for a response to the inquiry signal; a long-range communication unit 104 capable of communication by the electromagnetic waves in a range wider than the communication area of the short-range active communication means; a switching unit 111 switching to either the short-range active communication unit or the long-range communication unit; and an asymmetric key generator 102 generating a pair of an encryption key and a decryption key corresponding to the encryption key. The communication apparatus is characterized by using the decryption key to decrypt an encrypted session key transmitted from the external communication apparatus and transmitting to the external communication apparatus a communication switching request signal to request the switching to the long-range communication unit and communication by using the long-range communication unit.

A cargo theft prevention method is disclosed. According to the method, a security device for sealing a cargo container and a communication system capable of being in communication with a sealer and an unsealer are provided. A first code utilizing a first algorithm stored in the communication system is generated. A second code utilizing a second algorithm stored in the security device is generated. The second code is then examined when the security device is to be unsealed.

In a remote control system having a transmitter and a receiver, a rolling code is ciphered to generate a ciphered rolling code by repeating, n times, an exclusive-OR operation on a constant code in a rolling code table and the rolling code as well as an-maximum shift keying. A key code specific to each control system is used as a constant code at the k-th exclusive-OR logic operation so that the k-th exclusive-OR logic operation becomes different from system to system resulting in different ciphering method for each system. The key code is set in an EEPROM in the process of control system production so that the rolling code may not be deciphered even by a design engineer as long as the key code is kept undisclosed.

Embodiments of the invention provide key distribution and authentication methods, devices and systems. The methods comprise the following steps that a business center server receives a first key request message sent by a user management server, generates a first-layer key of the user management server according to the first key request message and sends the first-layer key to the user management server; and the user management server generates a second-layer key of a terminal device according to the first-layer key and sends the second-layer key of the terminal device to the terminal device in order to make the terminal device and a network authentication server carry out mutual authentication according to the second-layer key. The business center server and the user management server distribute the different keys to each terminal device, each terminal device carries out mutual authentication with the network authentication center based on the respective key, and a communication key of the terminal device and a function network element is finally obtained, a method for establishing a safety communication channel is provided for the terminal device, and the application range is wide.

A hand-held token for secure conveyance of encryption keys includes memory for holding a media key and at least one device key. Control logic reads the media key from memory, encrypts the media key based on the device key, and transmits the encrypted media key to a data storage device. The data storage device decrypts the encrypted media key using its own device key, which may have previously been downloaded from a token.

A method and system for preventing replay-type attacks on a vehicle communications system that sends short message service (SMS) messages between a call center and a fleet of vehicles. The method uses separate sequence counters maintained at the call center and at each of the vehicles in the fleet to help prevent or at least minimize the effects of unauthorized third party interference; such as replay-type attacks. Each wireless message is embedded with a sequence counter that is provided by the sender and is compared by the recipient with a separate sequence counter for purposes of validation. Some optional features that can be used in conjunction with the sequence counters include a tolerance window feature, a consecutive message feature, and a proximity feature, to name but a few.

In a key-insulated cryptosystem according to the present invention, a plurality of external devices are associated with a number of updates of a terminal secret key which has already been updated, and a different piece of secret information is stored in each of the external devices. In addition, a key-updating method in the key-insulated cryptosystem according to the present invention includes steps of: selecting one of the external devices depending on the number of updates of the terminal secret key; and causing the selected external device to generate key-updating information used for updating the terminal secret key based on the number of updates and the stored secret information.

In a secret sharing process based on an improved threshold scheme, secret data is shared as shared data parts equal to or greater than a threshold value in number such that the secret data cannot be reconstructed from shared data parts less than the threshold value in number. Each of the shared data pieces is created essentially from a different combination of the secret data pieces and the data pieces for secret sharing computation. The secret sharing process allows an algorithm desired by the user to be freely incorporated, and can prevent the secret data to be easily reconstructed even when more shared data parts than the threshold value are acquired by a third party.

The invention discloses an off-line Internet control device, system and method. The off-line Internet control device generates one or more dynamic passwords according to a preset one-time password algorithm and selection rules by using a seed file preset inside the off-line Internet control device and a real-time clock signal, a cloud server generates one or more dynamic passwords according to the same seed file and clock signal and the same one-time password algorithm and selection rules, the cloud server returns the generated dynamic password to a user, and then the user inputs the acquired dynamic password on the off-line Internet control device within a specified time interval, and the off-line Internet control device confirms the identity of the user and the performed operation through comparison and controls a corresponding executing mechanism to operate after successful confirmation. The off-line Internet control device is applicable to different application occasions such as shared bicycles, large express cabinets, automatic vending machines and water dispensers, and has the advantages of high confidentiality, low power consumption and the like.

The invention provides a reusable public key certificate scheme based on a public key infrastructure. The scheme comprises the steps: (1) an applicant submits a user main public key and relevant information of the applicant to a certificate authority, and the certificate authority issues a signed user main public key certificate after the certification passes; (2) the applicant automatically generates an application user public key for a specific application and application public key verification information; (3) a message sender verifies the ownership of the application user public key, and if the ownership is verified to be the applicant, the message sender performs relevant public key password operation by using the application user public key; and (4) the applicant decrypts the received encrypted message using the application user public key, or performs digital signature using a private key corresponding to the application user public key. The public key password system is very convenient to use, is high in security, and greatly improves the working efficiency of the certificate authority (CA) in the public key infrastructure.

The invention relates to a dynamic password verification method, which is characterized in that the password input by the user includes static and dynamic characters, and the user agrees in advance on the calculation method of the dynamic password when creating or setting an account, and the calculation method uses variable data such as date, after Simply change the dynamic password used for verification; when the password needs to be verified, the user enters the static password and the dynamic password formed by simple calculation on the terminal device or the client software interface, or uses the dynamic password to encrypt the string obtained by encrypting the static password and submits it for verification ; The terminal device or client software decomposes the obtained input into a static password and a dynamic password string or uses a dynamic password to decrypt the input string to obtain a static password; the server compares the received encrypted static password with the pre-saved user password, such as If necessary, compare the received dynamic password with the string obtained according to the same algorithm to determine whether it can pass the verification.

The subject matter discloses a method for providing identity to a software module, comprising splitting a secret key using a split multi-party computation (MPC) process between the software module and a security server and storing one share of the secret key in the software module and another share of the secret in the security server, the security server receiving a request from the software module to access a resource, in response to the request, the security server encrypts a message, said encrypted message is obtained by the software module, the software module initiates a decryption multi-party computation (MPC) process to decrypt the message encrypted by the security server using according to the shares of the secret key, the security server receives the decrypted secret and the public key and the security server signs a certificate associated with the requested resource and the software module and sends the certificate to the software module.

The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.

The invention discloses a dynamic generation method for an access key of an automobile electronic information card. The automobile electronic information card comprises a Reserved data storage area, an EPC (electronic product code) data storage area, a TID (terminal identification) storage area and a USER storage area. Based on RFID (radio frequency identification) technology, initialization is realized, the access key and an EPC random code are generated dynamically, and access key updates are accessed. The method includes the steps: initializing the automobile electronic information card, dynamically generating the access key of the automobile electronic information card, and updating the access key. Compared with the prior art, the access key of the automobile electronic information card is simple in structure, scientific and reasonable in design and low in manufacturing cost, doesn't need to be stored in a reader, an acquisition device or a data center, and accordingly security of data in the automobile electronic information card is improved, read-write speed and efficiency of the reader are improved, dynamics of access key generation is achieved, and a safe and reliable dynamic generation system for the access key of the automobile electronic information card is provided.

A method for aggregating data in a network, particularly in a wireless sensor network, wherein the network (1) includes a plurality of sensor nodes (N_i) to measure data and at least one sink node (S) at which the data measured by the sensor nodes (N_i) are aggregated, and wherein each sensor node (N_i) encrypts its measured data with a key k and forwards the result towards the sink node (S), is characterized in that, in the context of a key distribution within the network (1), a master key K is chosen, and that the master key K is autonomously split up by the network (1) into individual keys k_i to be used by the sensor nodes (N_i) for encrypting measured data, with the sum of all individual keys k_i being equal to the master key K.

The invention discloses a data processing method, a client is logging on to the server based on the login instructions; using the default key generation algorithm generates the keys based on the user's login information, the upload data is encrypted with the key; the encrypted upload data is uploaded to the described server; the sever receives the data uploaded by the client after logging; The key is generated by the default key generation algorithm based on the user's login information that corresponds to the client; the received data is decrypted through the key. The embodiment discloses terminal, communication device and system; the security of the data in the transmission process is increased.

The invention discloses an authentication system based on a central node. The authentication system comprises local verification and authentication units and a remote verification and authentication unit; each of the local verification and authentication units includes a local authentication device; the remote verification and authentication unit includes an authentication central device; the authentication central device and a plurality of the local authentication devices are further respectively connected with a key relay device; the local verification and authentication units are connected to corresponding external devices. The invention further discloses an authentication method based on the central node. Compared with the prior art, through local verification and authentication or remote verification and authentication, on the basis of communication of authentication centers for the local verification and authentication and the remote verification and authentication, the communication connection between the external devices and all devices connected with the authentication centers is implemented by the authentication system and the authentication method, the defect that the external devices only can perform authentication with a designated device is abandoned, and the convenience is provided for multi-point authentication and communication; and in addition, the multi-encrypted transmission of authentication information is implemented in an authentication process, and the security for transmitting the authentication information is guaranteed.

The embodiment of the invention provides a generation and verification method and device of a verification code picture. The generation method comprises the following steps: selecting a plurality of first elements and a plurality of second elements, wherein there is a preset association relationship between each first element in the plurality of first elements and at least one second element in the plurality of second elements; determining a picture to be synthesized, and determining the positions of each first element and each second element in the picture to be synthesized; and synthesizing the plurality of first elements and the plurality of second elements to the picture to be synthesized according to the positions of each first element and each second element, and obtaining the verification code picture. The generation method of the verification code picture provided by the invention solves the problem that the prior art cannot effectively prevent a machine program from recognizing a verification code.

The invention discloses a group message sending method and system, a group message receiving method and system and a communication terminal. The group message sending method comprises the steps of taking a time stamp, an interaction key and a key seed corresponding to a local group as input, carrying out operation through a preset key generation algorithm and generating a current message key; encrypting a current group message through utilization of the current message key and a preset symmetric encryption algorithm, thereby obtaining a ciphertext message; and sending the ciphertext message and the corresponding time stamp to other client modules in the local group through a group chat message platform. According to the methods, the systems and the communication terminal, the current message key can be updated in real time, so the risk that the current message key is broken can be effectively reduced. Even if other person obtains the preset key generation algorithm, data transmission is not carried out on the key seed along with the ciphertext message, so the other person is difficult to obtain the key seed, under the condition that the key seed cannot be obtained, the other personcannot obtain the current message key, and the ciphertext message cannot be decrypted.

A random code generator includes an address Y decoder, an address X decoder, a PUF entropy pool, a processing circuit and an entropy key storage circuit. The address Y decoder includes plural Y control lines. The address Y decoder selectively activates the plural Y control lines according to a first address Y signal. The address X decoder includes plural X control lines. The address X decoder selectively activates the plural X control lines according to a first address X signal. The PUF entropy pool generates an output data according to the activated Y control lines and the activated X control lines. When the random code generator is in a normal working state, the processing circuit processes the output data into a random code according to at least one entropy key from the entropy key storage circuit.

The invention discloses an agent type anonymous communication method based on a homomorphic encryption scheme. The agent type anonymous communication method comprises the steps that S1, a sending endcarries out original encryption on target data to obtain ciphertext data c1; S2, the sending end sends the ciphertext data c1 to a server; S3, the server performs homomorphic encryption on the ciphertext data c1 to obtain ciphertext data c2; S4, the server sends the ciphertext data c2 to a receiving end; and S5, the receiving end decrypts the ciphertext data c2 to obtain ciphertext data c1. The method is mainly used for reliably and completely transmitting private data (mainly for position data) of participating vehicles in the Internet of Vehicles, safe operation of the participating vehiclesin the Internet of Vehicles is achieved by improving the safety and confidentiality of the position data of the participating vehicles in the Internet of Vehicles, and certain economic benefits and engineering practicability are achieved.

The invention discloses terminal equipment with an encryption system. The terminal equipment comprises terminal equipment and an encryption card, wherein the terminal equipment is provided with a common system; the encryption system is arranged in the encryption card; the encryption card can be connected or disconnected with the terminal equipment in a pluggable mode; the terminal equipment further comprises a selection module used for the terminal equipment to select to start the encryption system or the common system, a check module used for checking whether the terminal equipment is connected to the encryption card or not, an encryption system server used for carrying out identity attribution identification on the encryption card, a data transmission module used for returning an identification result of the encryption system server to the terminal equipment, and a data processing module used for receiving a content of the data transmission module and starting the corresponding system according to the demand of the selection module. The terminal equipment provides the encryption system with better confidentiality, and the use safety and confidentiality can be realized.

One embodiment provides a system that facilitates efficient key retrieval by using key catalogs in a content centric network. During operation, the system generates, by a client computing device, a first interest for a key indicated in a signed key catalog. In response to receiving the key, the system verifies the received key by determining that a hash of the received key matches a hash of the key as indicated in the catalog based on a name for the received key. The system generates a second interest for a content object, wherein a name for the second interest includes a name prefix associated with the key as indicated in the catalog, wherein the first interest is transmitted before or concurrent with transmitting the second interest. In response to receiving the content object, the system verifies the received content object based on the key.