35results about How to "Easy key management" patented technology

Frame of the invention includes three entities: accessing requestor, accessing controller, and strategy manager. The strategy manager manages the accessing requestor and the accessing controller as well as implements bidirectional user ID authentication between them, and evaluates integrality of platform. Based on decision made from the strategy manager, the accessing requestor and the accessing controller control local ports. Before terminal is connected to network, trusty network connection architecture (TNCA) measures state of platform. Based on secure protocol of trusty third party, the invention implements the said authentication and evaluation of platform so as to guarantee security of TNCA. Introducing strategy manager simplifies key management of the architecture, raises extensibility of the architecture. Features are: higher security for evaluating integrality of platform, centralized verifying integrality, and higher universality.

A mixed encryption scheme for a conference system is provided. The encrypting algorithm is that: before data communication, a message clear text is encrypted by using a DES method, and then the DES key is encrypted adopting an RSA method, so as to realize digital signature. By comprehensively using the existing encrypting algorithms DES and RSA, the strong points of which are utilized and the weak points are avoided. As the processing for main data adopts the DES encrypting algorithm, grouping processing for each datum can be completed in a very short time thanks to the fast speed of the DES encrypting algorithm; besides, the DES key encrypted by adopting the RSA algorithm can be publicized; therefore, the overall security system only requires few RSA decryption key. The mixed encryption scheme provided by the invention can not only give full play to the advantage of fast encrypting speed of the DES encrypting algorithm, but also give full play to the advantage of convenient management of the RSA algorithm; therefore, the mixed encryption scheme provided by the invention has the advantages of simple theory, fast speed and being easy to be realized; when being used in an instant communication system, the mixed encryption scheme can meet the requirement for real time and security of a conference system.

The invention provides a mobile commerce identity authentication method. In the method, key negotiation is realized by the most efficient elliptic curve-based public key cryptosystem in public key cryptosystems. An elliptic curve algorithm has the characteristics of low calculated amount and high safety, so the elliptic curve algorithm is used for generating a public key and a private key, and a public key cryptosystem without a third-party is realized and applied to the two-way authentication service of a client and a server.

The invention discloses access authentication method, equipment and system of a P2P (peer-to-peer) network, belonging to the technical field of network communication. Network equipment in the P2P network is subjected to access authentication by adopting an identity-based public key IBC (Information Bearer Channel) mechanism. The method comprises the following steps of: receiving an access requesttransmitted by opposite terminal network equipment by home terminal network equipment; selecting a private key from the private keys of the home terminal network equipment as a conversation private key of the home terminal network equipment according to the private key level of the home terminal network equipment and the private key level of the opposite terminal network equipment; calculating a conversation main key of the home terminal network equipment according to the conversation private key of the home terminal network equipment, the identity information of the opposite terminal networkequipment corresponding to the conversation private key of the home terminal network equipment, a first negotiation parameter and a second random number determined by the home terminal network equipment; and returning an access response to the opposite terminal network equipment. By utilizing the IBC mechanism, distributed access authentication under the P2P network mode is solved, thus the IBC mechanism is particularly suitable for the P2P network.

The invention discloses a key distribution method applicable to VOIP voice encryption, which is characterized in that a calling terminal initiates a session key application to a key distribution server (KDS) so as to trigger key distribution, the KDS generates a session key for a calling party and a called party and returns the session key to the calling terminal; the calling terminal initiates an encryption call to a called terminal through a VOIP server after acquiring the session key and sends key feature data generated by the KDS to the called terminal, and a media stream transmission channel is established between the calling party and the called party through the VOIP server; the calling party and the called party encrypt media streams by using the session key and send the encrypted media streams to each other, and the receiving parties decrypt the received data by using the session key so as to acquire the media streams. The key distribution method has the advantages that the key is directly generated by the KDS, thereby being easy to perform key management, and reducing adjustment and transformation for the VoIP server; the KDS performs identity verification on the calling party and the called party before the key is generated, thereby making up the vulnerability of identity authentication of an SIP (Session Initiation Protocol); one session is provided with one key, encryption is performed in the whole process, no plaintext appears in the transmission process, and the security is high.

This invention disclose a secret communication method among mobile nexuses in a mobile self-organized network characterizing in applying Diffie-Hellman protocol and a public cryptographic key digital signature to realize double-way discrimination when setting up Ad Hoc mobile self-organized network link and deriving cryptographic key for the cipher of data link layer data frame and data completion, which realizes safety of segment by segment of the link, ensures that different links apply different working cryptographic keys in a mobile Ad Hoc network, solves the problem of counterfeit communication nexus and tap network and simplifies the management to said network link layer.

The invention discloses an embedded security encryption chip based on a cloud server. The embedded security encryption chip comprises a CPU, an SM2 asymmetric encryption algorithm module, an SM3 hashalgorithm module, an SM4 symmetric encryption algorithm module, an RSA asymmetric encryption algorithm module, an SHA hash algorithm module, an AES symmetric encryption algorithm module, a true randomnumber generator, a physical unclonable function module and a peripheral interface module which are integrated in the system. the embedded security encryption chip is externally integrated with PCI-Einterface, PCI-E interface connects to on-chip bus through PCI bridge, and the security encryption chip is inserted into the cloud server through the PCI-E interface. The digital signature verification and encryption/decryption speed is high, the secret key cannot be cloned, the security is high, the complexity of secret key management can be greatly reduced, the system resource consumption is reduced, the power consumption is reduced, And the chip is inserted into the cloud server through the PCI-E without changing the hardware architecture of the server, and has a secure API, so that a usercan quickly and conveniently call.

The invention relates to a method for registering and cancelling dynamic network organization devices. The method comprises the following steps: a device management server distributes an IP address, a user name and a password to each device in the network; an device user inputs the user names and passwords distributed by the device management server to the devices; the devices encrypt the user names and the passwords, and sends the encrypted user names and the passwords to the device management server; after receiving the encrypted user names and the passwords, the device management server performs decryption and comparison, and registration is realized after the comparison result is correct; the device management server checks on-network states of the registered devices; and the device management server automatically cancels out-of-network devices. According to the method, the device management server automatically checks the states of the on-network devices, so that the devices do not need to initiatively issue requests for registration and cancellation to the device management server, and the device management server can instantly acquire the on-network states of the devices and updates an on-network device list of each on-network device.

The invention discloses an authentication method based on a smart card in a multi-server environment. According to the authentication method, the participation of a third party in authentication is not needed, a user just needs to register for one time, the smart card only needs to store information of constants, the authentication and access among multiple servers can be realized, a server end also does not need to store any user information, and thus a problem that the information stored by the smart card is increased with the increase of registration servers when no third party participates authentication in the multi-server environment is solved. The security of an authentication model is proved through BAN logic analysis, at the same time performance analysis shows that the authentication scheme of the invention has a low storage cost requirement compared with an existing authentication scheme based on the smart card in the multi-server environment in the condition that computation cost and communication cost do not increase burden significantly.

The invention provides a binary channel multiple fingerprints optical encryption method comprising an encryption process and a deciphering process. A laser beam generator emits linearly polarized lights which are divided by a beam splitter into transmitting light and reflecting light. The transmitting light arrives to a left channel encryption key with fingerprint images and generates left channel modulated lasers. The reflecting light arrives to the right channel encryption key with fingerprint images and generates right channel modulated lasers. Recognizing the non-duplication characteristic of a biosignature, the invention integrates biological feature identification technologies with optical information processing technologies and provides such a binary channel multiple fingerprints optical encryption method, which is highly reliable and secure for encryption key management and is convenient for people to carry around. The method has a good application prospect in the information safety field.

The invention provides a remote proving method applicable to emergency rescue platform. The remote providing method comprises the steps that a proving terminal sends an identity authentication request to a cluster administrator; the cluster administrator verifies the identity of the proving terminal; if passing the verification, the proving terminal acquires measurement information of a platform where the proving terminal is positioned, signs the measurement information by adopting a cluster signing scheme and sends the signed measurement information to an inquiry terminal; the inquiry terminal verifies whether the signature is effective according to a cluster verification scheme and inquires whether the measurement information is credible from the cluster administrator; only if the signature is effective and the measurement information is credible, the inquiry terminal confirms that the proving terminal is credible. The remote proving method has the advantages that the problem of credibility proving of a terminal can be effectively resolved, and the authenticity of data and secure transmission of the data are guaranteed; meanwhile, the remote proving method has the characteristic of proving traceability, and identity forgery attack and malicious fraud attack can be effectively resisted.

The invention provides an ID cryptography-based anti-quantum computing group communication method and system, and the method comprises the steps: distributing respective identity IDs and private keysto group members through an ID cryptography mechanism, enabling the group members to calculate the public keys of opposite sides through the public IDs of the opposite sides during communication, andthen calculating symmetric keys according to the private keys of the group members and the public keys of the opposite sides; achieving one-to-one communication with the opposite side; when the secretkey is updated, enabling an administrator to encrypt the updating secret key by using the symmetric secret key of each group member and send the updating secret key, enabling each group member to calculate the symmetric secret key with the administrator to obtain the updating secret key, and updating the symmetric secret key pool of the administrator by using the updating secret key according toa preset updating method. According to the invention, the symmetric key pool and the ID cryptography are combined, and the use security of the symmetric key pool is further enhanced in the scene of group communication.

The invention discloses a key seed matrix and a certificateless anti-collision key generation method based on the key seed matrix. The key generation method comprises the following steps: a key generation center generating a 200-bit random number; calculating a public key of the equipment part according to the random number; the key generation center calculating a ZA value according to the equipment identifier and the public key seed matrix, and calculating a Z value according to the ZA value and the partial public key of the equipment; selecting and adding eight elements according to the coordinate of the Z value mapped to the private key seed matrix to obtain an equipment identification private key, and calculating an equipment identification public key according to the equipment identification private key; the key generation center calculating an equipment complete public key according to the equipment identification public key, and calculating an equipment complete private key according to the random number and the equipment identification private key; and after the complete equipment public key and the complete equipment private key are obtained, the key generation center issuing the key pair to the equipment end through the secure channel. According to the method, the advantages of a combined public key technology and a certificateless cryptosystem are combined, and the problems between the combined public key technology and the certificateless cryptosystem are solved.