189results about How to "Avoid security breaches" patented technology

The invention relates to an identity authentication system with biological characteristic recognition function and an authentication method thereof. The system comprises a CPU main control unit (MCU), a system control unit, a hardware encryption and decryption unit, an on-chip memory with MPU protection function, an external communication unit, a man-machine interaction control unit, an external memory control unit, a PKI system and a sensor system, wherein the on-chip memory is used for realizing secure storage and access of such data as personal information, data, procedures, keys, system parameters, etc. The invention has the following beneficial effects: 1. solving the problem of security holes of pins of existing security products, radically solving the problem of authentication of personal identity and having high security; 2. guaranteeing the personal information of the user not to be cracked by logic attacks, side frequency attacks, physical attacks and other means through the hardware; 3. guaranteeing the personal information of the user to be securely stored and not to be cracked by splitting and photographing the chips and other means through the hardware; and 4. effectively avoiding the leak that the transaction information is tampered when the transaction information is sent to the personal identity authentication terminal.

The present invention is embodied in a system and method for providing access authentication of users attempting to gain access to a network based on connection orientation parameters to prevent security breaches of the network. In general, after a connection is requested to gain access to a networked computer, all router addresses through which the request went is gathered and compared to a well-known set of firewall router addresses (for example, of known companies) to determine the validity of the request. If one of the gathered addresses match the well-known set of firewall address, the request is deemed to have come from the other side of the firewall and the connection is denied. As such, in an intranet networking environment that uses a firewall, the present invention will provide computer users of the intranet protection from unauthorized access by others that do not have access past the firewall.

The invention discloses a method for safely automatically downloading a terminal master key TMK in a bank card payment system and a system thereof. The bank card payment system comprises a point of sales (POS) terminal, a terminal management system (TMS), a password keyboard and a hardware security machine. The method comprises that: the TMS calls the security machine to generate a pair of public and private keys; the POS terminal calls the password keyboard to randomly generate the terminal master key TMK, and encrypts the TMK by using the public key of the TMS and uploads the encrypted TMK to the TMS; and the TMS calls the security machine and decrypts the TMK by using the private key and stores the decrypted TMK. The TMK is randomly generated, the transmission process is closed, a TMK plaintext cannot appear outside safe storage equipment and is encrypted by the public key in the transmission process, and a TMK ciphertext can only be decrypted in the security machine of the TMS, so that the method and the system have high safety.

Method for preventing security breaches via the two-thief method of attack of passive remote keyless entry systems for vehicles. The method involves the transmission of a signal between a fob and the vehicle, where the level of the signal changes in a particular pattern. At the receiving side, anomalies in the pattern of the received signal (e.g., levels, timing) are detected and used to detect attempts to mimic the signal.

The invention discloses a system and a method for realizing OTA upgrade of embedded hardware based on a block chain. The method comprises the following steps: constructing a P2P network topological structure comprising a plurality of service nodes downloaded by firmware; taking one service node as a first block node, and converting other service nodes in the P2P network into one block node on theblock chain one by one through a block chain consensus verification mechanism; storing the latest firmware software on the service node, and calculating the node content by using a Hash algorithm to obtain a Hash value of the service node; wherein the node content comprises feature information of the service node and firmware software stored on the service node; and the intelligent terminal downloads the corresponding hash value from the service node of the P2P network, carries out firmware version security verification according to the hash value, downloads and stores the verified firmware software, and upgrades the firmware software. The safe and credible P2P network topological structure is established by using the block chain technology, and the OTA upgrading reliability and safety ofthe intelligent terminal are improved.

The invention relates to a device, which realizes a terminal authentication network when a SIM card uses a WCDMA or GSM / WCDMA terminal and a WCDMA network. The device includes a SIM card, the terminal of an authentication unit and the network entity of the authentication unit, wherein, the SIM card is used to generate a temporary key Kc, the terminal of the authentication unit is used to calculate the parameters of the terminal authentication network and compare the parameters with the corresponding parameters sent by a network, and the network entity of the authentication unit is used to calculate the parameters of the terminal authentication network of the network side, which are then sent to the terminal. The invention provides a method and the device, which can be conveniently realized and applied and realize the terminal authentication network when the SIM card of 2G uses the WCDMA or GSM / WCDMA terminal and the WCDMA network, so a bidirectional authentication mechanism is provided to make up for the security vulnerability of being attacked by counterfeit base stations, thus enhancing the security mechanism under the widely existing situations.

The method comprises: new node initiates an identification letter issuing request to all authorization node; after receiving the responses for agreeing to participate in issuing identification letter from at least t authorization nodes, the new node selects t authorization nodes from them; the selected authorization nodes use a hop-by-hop signature approach to incorporate with the new node to generate the group signature and to generate identification letter.

The invention relates to a method for encoding and manufacturing a multi-interactive authentication RFID compound intelligent tag, as well as a system thereof. An EPC product electronic code which is provided with a time code and is randomly corresponding to a sequence code is prepared as a storage code of a non-chip RFID, a surface acoustic wave RFID or a powder RFID chip; the code is converted to a plaintext code via encryption and is printed on a tag for covering; the plaintext code is converted to a bar code and printed on the tag; a digital safe line production tag is used to carry out the pre-chopping treatment of the tag, so as to prevent the transfer; numbers on the safe line are identified by photography; EPC codes, passwords, bar codes and the safe line digital codes are stored correspondingly; a tag anti-counterfeit system, a bar code scanning system and a radio frequency identification system are all connected with the Internet of Things; thus the same product information and logistics path information can be accessed through the EPC Internet of Things regardless of using radio frequency identification, man-made identification or machine identification. The invention can greatly reduce the tag cost, improve the safety, and expand the information redundancy and the application adaptability.

The invention relates to a wireless network system and a wireless network access method. The wireless network system comprises a coordinator and at least one router; the router is selected by equipment to be accessed based on a beacon frame monitoring list, and the router is provided with a white list for authenticating the equipment to be accessed; the coordinator is used for transmitting an authentication result of the white list and identification information of the equipment to be accessed to each router so as to accept/reject a re-connecting request of the equipment to be accessed. Through beacon frame buffer screening for the router, the wireless network system and the wireless network access method of the invention not only could filter ineffective or malicious equipment to be accessed, but also could select to obtain the most effective equipment to be accessed according to historical linkage times, thereby improving the safety performance of the wireless network.

An identity authentication method based on ultrasonic lip-reading recognition comprises the steps of (1) transmitting, by a signal transmitting source, an ultrasonic signal, and receiving, by a signal receiving source, a reflected signal from the mouth; (2) extracting lip-reading characteristics from the reflected signal acquired which include spectral characteristics corresponding to a lip-reading event and dynamic lip outline characteristics of a user; (3) recognizing and authenticating the user according to the lip-reading characteristics extracted in step (2). The identity authentication method has the advantages that identity authentication characteristic parameters are acquired through ultrasonic sensing capacity without extra hardware customization, the deployment cost is low, and the applicable range of ultrasonic technology in mobile terminals is widened; the security vulnerabilities in the existing techniques such as facial recognition and fingerprint recognition are solved by taking advantage of differences between behavior habits of users expressing a same lip-reading event in conjunction with biological characteristics, and efficient identity authentication can be achieved.

The method and system allows a remote user to virtually access and use software in his/her primary processing unit from remotely located mobile input/output device which can comprise a display, keyboard, mouse, and a transceiver. The only function of the mobile input/output device is to send input signals to the remotely located primary processing unit where they are processed and transmitted back to the mobile input/output device for display and use by the user. Input sent from the mobile input/output device to the primary processing unit is in the form of raw, unprocessed electronic signals. The mobile input/output device uses computing power of the primary processing unit; the CPU, applications, files and services of the primary processing unit to process the electronic signals. The mobile input/output device needs only very limited power, and does not require its own software and associated hardware to duplicate data processing or storage functions.

Adata processing methodis implemented in a system including a processor. The system receives a request for transferring amount from an initiating user client, where the request includes an initiating user identification and target information. The system obtainsa target user identification and an allotted amount of the target user identification based on the received request, wherein the allotted amount is smaller than or equal to a total amount corresponding to the target information. The systemencapsulates the target information and the allotted amount in a dialog message, and sending the dialog message to a message window of a target user client corresponding to the target user identification. The systemreceives a confirmation request from the target user for confirming the dialog message on the message window of the target user client, then subtracts a corresponding amount from a first account and adds the corresponding amount to a second account.

A computer system and method for the bottom identity authentication, it contains the trigger unit for the identity authentication of the users of EFI (21), The identification unit of the identity of the users of EFI (22), the certification unit of the identity of the users of EFI (23), and the management unit of the safety for the EFI. The trigger unit for the identity authentication of the users of EFI (21) will be started after the users has started the computer system and finished the initialization of the platform. It will judge the safe grade of the computer system and enter directly the start of the operation system or execute the next step according to the safe grade assigned. It will remind the users to execute the identity authentication, and the users must input information. And then the identification unit of the identity of the users of EFI (22) will be started to obtain the identification information of the users. The certification unit of the identity of the users of EFI (23) will be activated to verify the legitimacy of the identity information of the user. The operation system will be started if the users is legitimate, otherwise, the operation of the user will be refused and not to start the operation system. The method is easy and useful, and has some advantages, such as the supporting function and the applicability of it are very strong.

The invention provides a method for generating a big data security posture map based on trusted computing. The method for generating a trusted security posture map based on a geographical map, security data acquisition and the like, the credibility of information data acquisition of a trusted network is guaranteed, and alarm information is filtered and aggregated based on an algorithm for degree of nearness; events which cannot affect the security are removed from the normal alarm, so that the security hole is avoided while the disturbance to a monitor is reduced; the authenticity of trusted security behaviors of the posture map is higher; an overall map generation trusted environment from trusted data acquisition to merging and filtering to alarm generation and posture map generation is constructed, so that the trusted security, the integrity and the authenticity of the security posture map are guaranteed, the credibility of the posture map is guaranteed, and a trusted access and display mechanism is constructed on the basis of characteristics with a protection function, authentication and integrity measurement and the like.

The invention discloses a shipping unloading and loading control system and related systems and devices, which can achieve full automation of ship loading and unloading; The ship unloading control system comprises the dispatching center system generates a ship unloading plan according to the ship information of the target ship, the container information and the shore crane equipment information, generates a ship unloading task and a ship berthing task according to the ship unloading plan, and sends the ship berthing task and the ship unloading task to a ship control system of the target ship and a shore crane control system of the target shore crane equipment respectively; The ship control system sends ship information and container information to the dispatching center system, controls atarget ship to run to an operation area corresponding to the target shore crane equipment according to the received ship berthing task, and sends a ship in-place notification message to a shore cranecontrol system of the target shore crane equipment; And when the shore crane control system receives the ship in-place notification message from the ship control system, the shore crane control systemcontrols the target shore crane equipment to load the container on the target ship to the vehicle according to the ship unloading task.

A method for defeating a two-thief attack on a passive RKE system by using frequency hopping. Radio frequency signals are transmitted between a fob and a vehicle. The transmitted signals hop between at least two radio frequency transmitting channels in a particular pseudo-random pattern known to the vehicle. At the vehicle, the transmitted signals are received in a process that is sequentially adjusted to take account of the known characteristics of each portion of the known pattern. Anomalies in the pattern of the received signals are detected and, if the anomalies exceed permissible limits, access to said vehicle is blocked.

The invention discloses a method for realizing access layer security, user equipment, and a small radio access network node. The method comprises: end-to-end user plane access layer security between user equipment (UE) and a gateway node is executed; and when a micro-communication path exists at the UE, end-to-end control plane access layer security between the UE and an initial access node is executed; and or when a micro-communication path and a macro-communication path exist at the UE, end-to-end control plane access layer security between the UE and a macro eNB in the macro-communication path is executed. The micro-communication path is a communication path in which the UE is connected to a small radio access network node by a radio access link and then is connected to a core network and the macro-communication path is a communication path in which the UE is connected to the macro eNB by a radio access link and then is connected to a core network. Because the user plane security is only executed in an end-to-end mode between the UE and the gateway, the user plane security is guaranteed well; and the control plane security is only executed in an end-to-end mode between the UE and the initial access node or the macro eNB, so that the time delay of the control plane security operation is reduced on the premise that the control plane security is guaranteed. Meanwhile, the mobility performance of the UE is improved; and continuity of user plane data transmission of the UE is guaranteed.

The invention relates to a chipless quasi-RFID multi-verification low-cost encrypted EPC compound label coding method, a manufacturing method and a structure, as well as a computer management system. An EPC product electronic code which is provided with a random encryption code and is randomly corresponding to a sequence code is compiled, a plain-text password which is converted by encryption is printed on a label for covering, the plain-text password is then converted to a bar code to be printed on the label, a digital safety line is used for producing the label, the label is carried out the pre-chopping treatment to prevent the transfer, digits on the safety line are shot and identified, the random encryption EPC code, the plain-text password, the bar code and the digits of the safety line are stored correspondingly, a label anti-counterfeiting inquiry system and a bar code scanning system are both connected with an EPC network, the same product information and the logistics path information can be obtained by the EPC network regardless of artificial recognition and machine identification. The label cost is greatly reduced, the safety is improved, the information redundancy and the application adaptability are expanded, and the seamless connection is updated to RFID labels with other recording forms.

The invention relates to a software service interface calling method and system with high security levels. The scheme mainly comprises service management, service publication and service calling. The security and reliability of information transmission can be ensured in the following forms: an interface is implemented through a file transmission layer, and one-way transmission and asynchronous response are adopted; bidirectional secondary encryption is performed in a file transmission process, and the security of data can be ensured, so that security holes caused by the cracking of the key of one side are avoided; links of each application and service are isolated effectively through a service scheduling center, and all calling is performed through a service bus; and a tracing basis is laid through an auditing function. The software service interface calling method and system are suitable for the high-security software manufacturing industry, and can support software service interfaces among different platforms or different development languages.