138results about How to "Defense against replay attacks" patented technology

The invention discloses a secure certificateless hybrid signcryption method without pairing. The method is used for solving a technical problem of low efficiency of a conventional certificateless hybrid signcryption method. The method is characterized by a KGC is restricted by a user part public key in a stage of generating a part secret key by prescribing a fixed secret key generation sequence of a user so as to bind the user part public key when a signcryption user performs signcryption on a plaintext and guarantee enough resistance to public key replacing attack; before a user complete private key is generated, using a part private key bound with user identity information and a part public key to verify an equality in order that the user timely detects an invalid behavior of the active dishonest KGC, resists to malicious KGC attack, improves a system security level, and eliminates unnecessary computation consumption; in a unsigncryption stage, substituting scalar multiply operation on a elliptical curve to for expensive time-consuming bilinear pairings to complete message signcryption and unsigncryption processes, thereby improving computation efficiency.

The invention relates to a light-weight authentication key negotiation method based on an implicit certificate, and belongs to the technical field of identity authentication. The method is used for establishing a secure channel between an OPC UA server and an OPC UA client and generating of a session key. Three entities, a credible certification authority (CA), the OPC UA client A and the OPC UA server B, are involved in an authentication key negotiation process. The OPC UA server B and the OPC UA client A acquire the own implicit certificates after the CA completes identity registration. Then the OPC UA server B and the OPC UA client A complete bidirectional authentication and key negotiation between the entities by using a light-weight algorithm. According to the method provided by the invention, the light-weight authentication key negotiation method based on the implicit certificate is provided aiming at the problem that an existing OPC UA security mechanism is not applicable to a resource-constrained communication environment. The method provided by the invention can be efficiently and safely applicable to an industrial network with a large amount of resource-constrained embedded OPC UA equipment.

The invention discloses a method for distributing code stream encrypting and decrypting keys in an SIP video monitoring system. In the method, in a process for calling a 3 pcc between code stream encrypting monitoring front end equipment and code stream decrypting customer premise equipment, or a process of calling a 3 pcc between the code stream encrypting monitoring front end equipment and a media server and a 3 pcc between code stream decrypting customer premise equipment and the media server, seeda, seedb and seedc, which are obtained by the monitoring front end equipment, the media server and the customer premise equipment in an identity authentication process during registration, are used as keys shared with an SIP server and identifiers, the content of an SIP signaling message bodySDP is expanded to carry the encrypting and decrypting keys, and a symmetric algorithm or asymmetric algorithm is used to guarantee the safety of the transmission of the encrypting and decrypting keys. The method has the advantages of generating different keys at each time of broadcasting, greatly improving safety coefficient, resisting replay attack and eliminating the safety hazards of the storage of the keys at multiple places.

The invention relates to a method for mutual authentication of user identities based on elliptic curve passwords. The characteristics of storage capability, calculation capability and limited bandwidth of an Ad Hoc network are considered, and a self-authentication public key system and the intractability of an elliptic curve discrete logarithm problem are utilized, so as to reduce the interaction times of the user identity authentication process, and accelerate the authentication speed. The method comprises the following steps of system initializing, user registering, and mutual authentication of the user identities. The method has the advantages that while the mutual authentication of the user identities is guaranteed, the function of session key negotiation is realized, the storage expense, communication expense and calculation expense are all less, the replay attack, man-in-the-middle attack, counterfeiting and tampering attack, and key disclosure counterfeiting attack can be resisted, a generated one-time session key has the advancing security and backward security, and the security is higher.

The invention discloses a repeating data deleting system and method applicable to cloud storage. The repeating data deleting system is based on strategies, a security agent and a random storage mechanism are adopted, a storage service is separated from a security service, the space utilization rate of cloud storage is improved, bandwidth occupation of redundant data is reduced, and security of user data and privacies is improved at the same time. The system is mainly composed of a client, the security agent and the cloud storage, wherein the security agent is the most secure core and is mainly used for ensuring the security of the user data and privacies. The repeating data deleting system and method applicable to cloud storage have the advantages of being high in security, system efficiency, bandwidth utilization rate and the like, and can resist replay attack, impersonation attack and security threats brought by partially trusted cloud storage providers.

The invention relates to a method for monitoring and analyzing the own health status of a wireless sensor network. The method comprises the steps: A, allocating 50 sensor nodes and 1 convergence node in a monitoring region; B, storing, and then transmitting to clients through the internet in a multicast mode; and C, analyzing the own health status of the wireless sensor network. In addition, commands can also be sent to each node through a server by using the clients and mobile telephones to adjust the status of the network. The invention has the advantage that the server can obtain various status information of the remotely-monitored region through a mobile communication network or trunk nodes, and simultaneously transmit the status information to multiple clients through the internet in the multicast mode after the analysis and storage processing, and therefore, users can observe the own health status information of the current wireless sensor network after the status information is visualized through the clients.

The invention discloses a lightweight security authentication and key exchange method for narrow-band internet of things. The communication main body comprises a terminal and a server. Before the communication is established, the root key is shared between the terminal and the server, and the two-way authentication is realized by adopting a challenge-response interaction mechanism based on a symmetric cryptosystem. The present invention mainly solves the problem of the two-way identity authentication and key exchange between the terminal and server in the Internet of Things application systembased on NB-IoT and other narrow-band Internet of Things connection technologies, can realize lightweight security authentication algorithm, protocol and key agreement mechanism, and meet the design requirements of low power consumption, low bandwidth consumption, low interaction frequency and high security.

The invention discloses an RFID authentication method and system based on PUFs. The system comprises a backend database, a reader and a tag, wherein communication between the backend database and the reader can be realized by using a conventional network security technology, so that the communication between the backend database and the reader is safe; however, the communication between the reader and the tag is not realized through the conventional network security technology, so that the communication is not safe. The RFID authentication method has the advantages of high safety and authentication efficiency, little in resource consumption and the like, can resist typical attack techniques such as replay attacks, counterfeit attacks, track attacks, physical attacks and the like, has forward safety and backward safety, and realizes bidirectional authentication between the reader and the tag. A public key encryption method is used, so that the RFID authentication method has higher safety.

The invention provides a safety authentication method of a webpage and an apparatus thereof. The method comprises the following steps of generating a random number according to a service request sent by a user terminal; sending the random number to the user terminal so that the user terminal carries out Hash encryption on the random number, a server address and a password input by a user, and acquiring target information; determining whether the target information and a user name input by the user accord with a service authentication condition; and if the target information and the user name input accord with the service authentication condition, passing authentication of the service request. In the safety authentication method of the webpage of the invention, when the hash encryption is performed, the hash encryption is performed on the random number, the server address and the password. Because of existence of the random number, encryption objects are different each time so that the target information acquired through encryption each time is also different. Therefore, the target information is safe in a transmission process, replay attacks can be effectively prevented, safety of webpage authentication is increased, and technical problems that traditional webpage authentication safety is poor and a hidden trouble of the replay attacks exists are alleviated.

The invention discloses a method for preventing location cheating for iBeacon, and the method comprises the steps as follows: sending the current dynamic random number, Major initial value and Minor initial value to the iBeacon base station by the authentication server; receiving and analyzing the notice frame data broadcasted by iBeacon base station and obtained by the mobile phone APP and sending the data message, obtains the Major, Minor of mobile phone APP and user ID, having the OR operation on the obtained Major, Minor and the current dynamic random number to obtain the correlative value of the Major and Minor; judging whether the correlative value of the Major and the initial value and the correlative value of the Minor and the initial value is equal; if yes, the authentication server sends the permission and user ID to the server, the mobile phone APP can obtain the application service of the application server. According to the present invention implementation case, and there is no need to modify the iBeacon protocol standard, the replay attack can be safely and effectively resisted for preventing location cheating for iBeacon.

A dynamic password security login method is provided, which sets that a client and a server have weight synchronous models with the same parameters, and comprises the following steps: initiating a login request by the client, and sending a user name to the server, generating a random number by the server and returning to the client, obtaining that M=user 'Passwd' R, H=SHA1(M), F=LFSR (H) by respective calculations of the client and the server, obtaining the same weight WC=WS according to the mapping algorithm of a random number sequence F, leading the weight synchronous model to study P=%n order by the client according to the random number, wherein R is the random number, n is a preset value, sending the weight vector WC after updating P orders to the server after Hash algorithm SHA1(WC), and leading the weight synchronous model to study P orders by the server to obtain the weight vector WS after updating P orders, and calculating the Hash value SHA1 (WS) thereof, wherein the identification is success if the SHA1 (SC)=SHA1(WS), or is false. The dynamic password security login method has simple use, highly-effective security and low cost.

The method can remove the influence to the voice communication by changing address in mobile self-organized network. It includes following steps: at the stage of building network connection, through a handshake process the real current IP address in the goal node is obtained; a random number is shared by the both sides of communication to use in authentication and encryption in communication process; after completing connection and entering into calling, each side of communication must periodically transmit the message about encrypted address to another side for informing another side real IP address that is currently used by present side, with the method any change of address in current node will be informed another side in time.

The invention discloses a wireless body area network security access method. Two interaction modes, namely, the unicast mode and the multicast mode, are set; two launching modes are set, and in other words, a network coordinator launches hand shaking and sensor nodes launch hand shaking; thus, when a certain part is injured and the blood pressure suddenly rises or in other words, the measurement indexes of a certain or some sensor nodes exceed the corresponding index limitations, the corresponding sensor nodes actively launch the hand shaking process, the situations of patients are rapidly fed back to medical staff, and patients are helped in time. According to the method, dynamic negotiation of a user conversation key is achieved through enhanced four-step hand shaking, hand shaking information is reduced, all the information is encrypted, the unicast access mode and the multicast access mode are set, and the remote access problem is solved through a multi-hop method. The method has the advantages that the access efficiency of a large number of sensing nodes is high, security is high, and the energy consumption is low, and the method can be used for the access of the sensing nodes in a wireless body area network and the dynamic negotiation of the user conversation key.

Applying to no / weak local storage system client digital certificates system belong to a digital certificate system technology. Its features are: based on public key infrastructure architecture, containing certificates body system, a registered body system, certificate management systems, key management system, information dissemination and interface systems and procedures for client visit one or more of these components, adopted random number, salt and several rounds of iteration, etc to guarantee the security of the system and conducted by the client decryption key generation and processing operation means to achieve the system's scalability. The system without the help of key external storage devices solved the network computer systems deployed digital certificate system in the terminal when the entity's private key data storage needs of the local computer network and storage characteristics of contradictions. Thus in ensuring security and scalability simultaneity, the digital certificate system implementation complexity and costs are lower.

The invention provides a method for generating and authenticating hidden video tags based on video characteristics and digital signatures, belonging to the technical field of information safety. In the method, a way for extracting and optimizing groups based on visual descriptors is used to generate video characteristics serving as one part of the tags, thereby realizing binding of the tags and the video, and effectively resisting conspiracy attack behaviors of attackers to authorized tags. The hidden tags constructed by the method have not only preferably robustness and safety, but also integrity and non-repudiation which are not endowed to the common video watermarks, as well as unique binding of the tags and the video and the like.

The invention discloses a message processing method. The message processing method includes the following steps. A receiving side receives a message from a sending side. The message at least carries an identifying serial number INum. The INum of the message is compared with a window header value LNum and/or a window end value HNum of a sliding window by the receiving side and whether the message is supposed to be abandoned or not is judged. The invention correspondingly discloses a message processing system. With the message processing method and the message processing system, the sliding window slides based on the window header value (minimum value) and the size of the sliding window is not fixed so that replay attack can be effectively resisted, a good effect of processing a delayed message is achieved and safety and reliability of the system are enhanced.

The invention provides a remote authentication protocol method based on password and an intelligent card, and belongs to the field of information safety. The protocol employs an optimized elliptical curve algorithm, a counting set and authentication codes are embedded, password can be modified, and the lost intelligent card can be canceled. The anonymity of a user is ensured, the method is safe and efficient, mutual authentication and negotiation of session key of the user are realized via twice interaction, and the method is suitable for remote authentication systems as e-cash, online education and remote medicine.

The present application discloses a multi-encryption based data transmission method. Compared with the prior art, the present application uses triple-hybrid encryption. When data is transmitted each time, plaintext data is encrypted by an asymmetric encryption method, and the data transmission random number plaintext is encrypted by a symmetric encryption method. A signature is added to the transmitted data. Once the signature is found to be inconsistent, it can be inferred that there is an illegal attacker, and random numbers generated each time are different from each other, and are doped inan encrypted message, so the attacker is difficult to determine the specific ciphertext length and a location of the specific encrypted message, and cracking and reuse cannot be achieved, thereby effectively resisting replay attacks and ensuring the confidentiality and authenticity of the data transmission. In addition, the present application also uses the hash value contrast method to ensure the integrity of the transmitted data.

The invention provides a remote protocol authentication negotiation protocol method based on biological features and belongs to the field of information safety. An efficient elliptic curve coding system is adopted. The method comprises the following steps that (1) system initialization is carried out to generate elliptic curve data; (2) a user submits register information to a server through a safe channel, and the server conducts data processing and then stores the information into an intelligent card and sends the information to the user through the safe channel; (3) a user needs to calculate login information and sends the login information to the server; (4) the purpose of authentication and key negotiation between the user and the server can be achieved through two times of hand shaking, and a session key is generated; (5) the user can achieve the purposes of changing a password and the biological features through the operation of the intelligent card without the assistance of the server. By means of the design, the protocol is high in safety, all mentioned known attacks can be resisted, meanwhile, dynamic identity is adopted, the anonymity of the user is protected, and the calculation performance is also greatly improved. The method is suitable for online education, remote medical and other remote authentication systems.

The invention belongs to the technical field of equipment identity authentication in an internet of things environment, and discloses an internet-of things-oriented equipment anonymous identity authentication method and system, the internet-of things-oriented equipment anonymous identity authentication method comprises the following steps: defining a communication model; selecting system parameters; initializing the system; registering equipment; calculating a private key and a temporary secret value; decrypting the ciphertext by using the temporary secret value; carrying out equipment authentication and key negotiation; and judging. The method has anonymity, and the real identity of the equipment and the relation between the equipment are not exposed in the interaction process; the method has the advantages of low power consumption, consideration of factors of limited processing and communication capabilities of sensor equipment, reduction of the calculation amount, the number of communication rounds and the storage overhead of a protocol, and adoption of elliptic curve point multiplication, hash function and XOR operation in other stages except for calculation of a temporary key by using bilinear mapping in an equipment registration stage; and the method has security, can successfully resist common Internet of Things attacks, and is well suitable for the Internet of Things terminal with limited resources.