284results about How to "Guaranteed confidentiality" patented technology

The invention discloses a copyright authorization method based on a block chain. The method comprises steps of: 1, uploading a work to a client so as to enable the work to become a multi-level hash value code identification document; 2, generating a self identity identifier in a copyright block chain database; 3, enabling a digital copyright gateway server to store the generated multi-level hash value code identification document uploaded by an applicant in self identity into a copyright block chain database; 4, enabling the applicant to fill in a copyright application agreement in detail through a digital copyright application website; 5, enabling the digital copyright application website system to search the duplicate records of various levels of digital identification codes in the block chain database, and to give a copyright authorization conclusion; 6, determining the ownership of copyright according to the copyright authorization conclusion, and sending to the applicant a copyright authorization certificate or an electronic copyright authorization certificate; and 7, enabling two copyright traders to apply for authorization and an authorization transaction at the digital copyright application website system. The method solves the shortcomings of conventional copyright authorization and ensures the high security and reliability of the copyright.

The invention discloses a coding method for mixing barcodes and two-dimensional codes, which comprises the following steps: (1) generating barcode images through barcode algorithms through barcode data; Encrypting as a key to obtain two-dimensional code generation information; (3) generating a two-dimensional code image by using the two-dimensional code generation information obtained in step (2) through a two-dimensional code generation algorithm. The invention also discloses a decoding method and an encoding and decoding device of the encoding method. On the one hand, the present invention can use naked eyes to identify products, certificates or bills through the barcode, and on the other hand, the two-dimensional code reading device of the present invention can be used to read the information hidden in the two-dimensional code, ensuring the integrity of the two-dimensional code Safety, security and confidentiality, and enable the two-dimensional code to carry hidden information, strengthen the anti-counterfeiting and uniqueness of the two-dimensional code, and open up a new application field of the two-dimensional code as a data label.

The invention discloses a safe startup method for a Linux embedded system and belongs to the field of information safety. The safe startup method for the Linux embedded system comprises that: a bootstrap loader is operated in a Linux embedded device to load Linux kernel; the Linux kernel checks whether predetermined encryption/decryption equipment is connected to the Linux embedded device; if thepredetermined encryption/decryption equipment is connected to the Linux embedded device, a cipher text of the Linux file system data is transmitted to the encryption/decryption equipment for decryption, the decrypted clear text of the Linux file system data is transmitted to an internal memory, a system root directory is mounted, and other operations for starting up the Linux embedded system are continuously executed; and if the predetermined encryption/decryption equipment is not connected to the Linux embedded device, the operation for starting up the Linux embedded system is stopped so as to guarantee the information safety of the Linux file system data.

The invention discloses a credible data transmission method, which comprises the following steps: authenticating, by the SGX (Singapore Exchange Limited), a client and a server which are in data transmission; verifying, by a client authentication module, legalities of a platform where the client is positioned and a user to the corresponding server; after the client is authenticated, establishing asession between the client and the server to enable the client and the server to perform a one-off supply protocol, and sealing confidential data of a client application onto a platform where the application is positioned, wherein an independent secure channel for communication connection is established between the server and the client, and each channel corresponds to a unique client, and the server encrypts data sent by the client in a transmission process; and after a protected file is encrypted in an enclave, sending a specific file to the client according to a file request of the client,and then distributing the file to an authenticated and authorized application user to check or perform other operations. Based on credible hardware, the method effectively solves a security bug.

The invention discloses a secure remote upgrade system and upgrade method for vehicles. The system comprises an upgrade pack server, a vehicle-mounted terminal, a remote upgrade server and a key server. The upgrade method comprises following steps: 1, the upgrade pack server calls an upgrade pack secure processing module to carry out secure processing on preset vehicle upgrade data and then upload the data to the remote upgrade server; 2,the vehicle-mounted terminal and the remote upgrade server interacts with the key server to obtain vehicle upgrade data; 3, the vehicle modules to be upgraded are upgraded by means of the vehicle upgrade data. According to the secure remote upgrade system and upgrade method for vehicles of the invention, through the addition of the hardware-security-chip-based secure module to the upgrade pack server and the vehicle-mounted terminal and the combination of the key server and the remote upgrade server, encryption and digital signature and verification services are provided for the data upgrading and the confidentiality and integrity of data upgrading are guaranteed.

The invention belongs to the technical field of trusted cloud computing, and particularly relates to a secure cloud storage method based on SGX. The method is suitable for a client/server architecturesystem based on SGX, and comprises the following steps: a trusted identity authentication step: a client performs bidirectional authentication of a trusted identity with a server through a trusted identity authentication module of the server, and establishes a session with the server after the trusted identity authentication is completed; a credible operation environment authentication step: after the client passes the credible identity authentication, the client verifies the legality of the operation environment of the server to the server through a credible operation environment authentication module of the server; a credible execution step: the client transmits the data to an endclave of the server through a credible channel, and the endclave encrypts the data; and a cloud storage step: the server side sends the encrypted data to a cloud storage service provider. According to the method, the problems of trusted authentication and key packaging of the client and the server are solved.

The invention is suitable for the technical field of communication, and provides a fingerprint encryption method of a private file and a communication terminal. The method comprises the following steps of acquiring fingerprints of an owner of the private file, and encrypting the private file through using the fingerprints. Therefore, the confidentiality of the private file stored by the communication terminal is improved.

The invention relates to a safe distribution file system, which includes a registration server, a metadata server, an object storage apparatus and customer terminals. The registration server is used for verifying identity of customers, and providing content notes and a first session key for requesting access files by verifying the corresponding customer; the metadata server provides file notes for file access, head file and a second temporary session key to the corresponding customer according to the received directory notes and the access request ciphered by the first temporary session key; the object storage apparatus transmits cryptograph files to the corresponding customer according to the received file notes and the access request ciphered by the second temporary session key; and the customer terminals decipher cryptograph files using the access request corresponding to the first and the second temporary session key and through the head file for reading and writing of the corresponding customers. The invention can provide safe and effective guarantee to the access to the file of customers.

The invention mainly relates to the field of replicated ciphertext data detection and deletion in the environments of cloud storage and big data, and provides an encrypted data dereplication method for cloud storage. The method adopts the technical scheme that through a comparison between identification data generated from hash creation of a file abstract and a file in a database of a cloud service provider, obtaining a result of whether the file is replicated or not; if the file is replicated, uploading different file blocks or canceling file uploading; and if the file is not replicated, carrying out blocking, hashing and verification data generation on the file, and then finally uploading ciphertext data without identical file blocks and tag information. The method has the advantages that through the operation, the ciphertext data can be dereplicated while data confidentiality can be protected, and file privacy disclosure caused by violent search attacks through data blocks can be prevented; and due to the two-stage data dereplication, the network transmission flow can be effectively reduced, and attacks from vicious cloud service providers can be resisted.

The invention discloses a fixed internet access IMS mutual authentification and a key distribution method which solves the problem that a security mechanism standard structure of the fixed internet access IMS does not have a solution. The method comprises the following steps that: a user terminal originates an authentification request to an HSS through a CSCF and provides a user ID; the HSS returns the response of the authentification request to the CSCF and sends both a CK and an IK to a P-CSCF as well as passing a certificate of an XRES to an S-CSCF; the CSCF returns a login response message to a UE; the user terminal authenticates the integrality of the corresponding part of the returned response message through a shared key of Ku sharing with the HSS and realizes the authentification of the IMS on the internet side; after the certification, the use terminal calculates the certificate of an RES and originates the login request to the CSCF again; the CSCF authenticates the certificate of the RES on the user terminal and the certificate of the XRES of the HSS; after the certification, the CSCF sends a message of a successful user authentification to the HSS. The invention realizes the mutual authentification of the IMS network through a basic encryption and integrality protection arithmetic and completes the distribution of the key.

The embodiment of the invention discloses a block chain encryption method based on a PKI (public key infrastructure)-CLC (certificateless cryptography) heterogeneous aggregation signcryption algorithm. The method comprises: generating, after a sender user ID and a sender user public key are obtained, a sender user private key by using an authentication center in the PKI according to the sender user ID and the sender user public key; generating, after a receiver user ID, a preset master secret key, a preset secret value, and a preset parameter, a receiver user private key by using a secret key generation center in the CPC according to the receiver user ID, the preset master secret key, the preset secret value, and the preset parameter; obtaining a transaction record plaintext, subjecting the sender user private key, the transaction record plaintext, and the preset parameter to signcryption to obtain a ciphertext; and subjecting the receiver user private key, the ciphertext, and the preset parameter to unsigncryption to obtain the transaction record plaintext.

The invention discloses a method for supporting various CA (Certification Authority) identity authentications and belongs to the technical field of computers. The method disclosed by the invention comprises the following steps: the CA authentications, the encrypted generality and the relativity are extracted as the basic attributes and used as a basis to be abstracted into a digital certificate authentication and encryption interface by virtue of integrating the certificate of the current mainstream CA manufacturer; then, the interface is realized so as to integrate the digital certificate of the third party; the realization is encapsulated into a program set so as to be deployed into a software system; the overall configuration file of the software system is changed; and the current CA is specified as the used CA and integrated into the CA of the third party. Compared with the prior art, the method for supporting various CA identity authentications disclosed by the invention can be used for improving the stability and reusability of a service system, is easy to deploy and configure and can be used for reducing the working amount of system development personnel and maintenance personnel.

The invention relates to a signaling data mining and analyzing-based specific mobile subscriber coarse positioning system and a method thereof. According to the system, after a signaling data aggregation assembly carries out processing on collected signaling data of a mobile user in an operator core mobile network, the processing signaling data are transmitted to a coarse positioning service processing assembly, extraction and analyzing of user position data and characteristic data thereof as well as data mining are respectively carried out, and useful data are stored into a coarse positioning service database; meanwhile, the coarse positioning service management assembly carries out management and service packaging on the user position and characteristic data thereof; the coarse positioning service interface assembly carries out invoking and interaction on the user position and characteristic data thereof, thereby further realizing an invoking service of coarse positioning data by other network elements. According to the invention, on the basis of signaling data gathering and analyzing, coarse positioning on the specific mobile user is carried out and the positioning information is sent to an upper-layer application service unit, so that a novel value added service based on coarse positioning data is expanded and thus new social benefits and economic benefits are created for operators.

The invention relates to a safe sharing dynamic memory system used for multiple applications and a method thereof, which pertains to the technical field of information safety and is especially applicable to exchanging information safely among multiple systems. The system comprises a sharing memory pool, a memory block and an access control module; the sharing memory pool is a multi-array sharing memory pool; the sharing memory pool is a virtual two-dimensional multi-array memory space; each memory space can be allocated by size dynamically and specified with access privileges, and adopt different cipherkey algorithms so as to ensure the completeness and confidentiality of data in the memory and achieve data sharing among multiple applications. The method adopted in the system comprises procedures of establishing the sharing memory pool, writing data, reading data, writing the data into the sharing memory and decrypting the data. The system and the method of the invention have the advantages of ensuring the completeness and confidentiality of the data in the memory, achieving safe, convenient and flexible data sharing among multiple applications and also being capable of serving as a basic facility to realize safe information exchanging among multiple systems.

The method of obtain digital signature and realizing data safety used especially in mobile communication system to ensure safe data transmission includes: adopting one-way inreversible predication algorithm to generate one-way inreversible data chain for cipher key management and to make the conversation cipher key for enciphering and deciphering changeable; adopting the one-way inreversible predication algorithm for digital signature of the conservation cipher key generated dynamically; and adopting symmetrical enciphering algorithm and verifying code confirming process in verifying the enciphered information to further ensure the security and integrality of the information. The method has lowered requirement in the data processing speed and capacity of the processor and is especially suitable for the application field with relatively high safety and speed requirement in mobile communication system.

The invention provides a data transmission system. The system comprises a front-end subsystem, an imaging device, a photographing device and a post subsystem. The front-end subsystem is used for receiving original service data to be sent by an intranet customer service system through a data interface, splitting the service data into multiple data streams, encrypting the split data streams, and converting the data streams pattern information which can be displayed. The imaging device is used for displaying the pattern information. The photographing device is used for photographing a pattern on the imaging device. The post subsystem is used for receiving the pattern sent by the photographing device, decoding and converting the pattern into data streams, decrypting, merging and reorganizing the data streams to form the original service data, and sending the data to an extranet service network system through the data interface. Through the data transmission system, the data can be safely, efficiently and reliably transmitted between domains of different security levels.

The invention provides a ciphertext search authentication method oriented towards cloud storage and relates to the field of computer information safety. The ciphertext search authentication method oriented towards the cloud storage includes the following steps that files to be uploaded are selected, keywords are designated, a reverse index is constructed to generate an encryption index and a search authentication symbol, and the encryption index and the search authentication symbol are sent to a cloud server to be stored; a corresponding search token is generated by a user according to the certain keyword, and the cloud server performs search operation and sends a search result back; challenge information is generated by the user according to the search result, authentication is generated by the cloud server, and an authentication value is verified by the user to finish search result verification; the user selects the files to be added or deleted, an update token is generated, the cloud server updates the encryption index and the search authentication symbol, and update information is sent back. According to the ciphertext search authentication method oriented towards the cloud storage, data information of the user will not be revealed to the cloud server and an attacker, the user can use the keywords to search for ciphertexts stored in the cloud server, authenticates the correctness of the search result, supports dynamic update of the user files and ensures confidentiality of user data and correctness of the search result.

The invention discloses a data transmission security encryption method for a metering automation system. The data transmission security encryption method includes steps of (1), a host transmits scattering factors and random digit getting command requests to an encryptor; (2) the encryptor generates a random digit L1 of 8 bytes and utilizes the scattering factors and a terminal service main secret key to generate a terminal service sub secret key, generates a session key via the random digit L1 and the terminal service sub secret key, encrypts the random digit by the session key to generate a ciphertext E1; the encryptor feeds the random digit L1 and the ciphertext E1 to the host; (3), the host transmits an identity verification request containing the ciphertext E1 and low 4 bytes of the random digit number L1 to a smart terminal; and (4), after the smart terminal receives the identity verification request, the session key is generated by encrypting the low-4 bytes of the random digit number L1 with the self service sub secret key. By adopting the ciphertext during data transmission, data confidentiality is guaranteed, data reliability is guaranteed by checking in an MAC (media access control) manner, and system safety is guaranteed by generating the session secret key.

The invention discloses a method for double-factor bidirectional authentication. The method comprises the following steps: releasing a digital certificate and a CA certificate used for signature during the making of the digital certificate by a secret key system; configuring the configuration files of a client and a server-side so as to support the access of the client to an application interface of the server-side; accessing the application interface of the server-side by the client in a double-factor authentication mode; carrying out first verification on a server-side certificate by the client, carrying out second verification on a client certificate by the server-side, and after passing through of both the first verification and the second verification, allowing the client to access the application interface of the server-side. Besides, the invention discloses a system for double-factor bidirectional authentication, corresponding to the method. The method and the system for double-factor bidirectional authentication have the advantages of higher compatibility, wider application range, simpler design, more efficiency in use, and higher safety in data communication.

The invention discloses a method and a system for monitoring and diagnosing large scale equipment remotely. The method comprises the steps as follows: firstly, a PLC (Programmable Logic Controller) analyzes collected running data of the large scale equipment on an engineering site, and transmits the data to an internet by a 3G (the third generation telecommunication) wireless network; secondly, a monitoring center platform builds a safe information channel with the PLC by a VPN (Virtual Private Network) router and a VPN fire bulkhead; thirdly, the monitoring center platform analyzes and processes data passing by the safe information channel, and monitors and diagnoses the large scale equipment; and fourthly, the PLC controls the large scale equipment according to the detection and diagnosis results sent back by the monitoring center platform. The method and the system can enhance the data transmission rate and improves the data transmission safety.

The invention belongs to the technical field of information security, and in particular relates to a batch self-auditing method for cloud storage data. The method of the present invention mainly includes: generating a public-private key pair based on an elliptic curve digital signature algorithm, a public-private key pair of a lightweight signature algorithm, and a lightweight symmetric encryption algorithm: calculating digital signatures of multiple data files, data files Tags and ciphertexts of data files are sent to the cloud server; cloud users generate audit challenge information and send it to the cloud server; the cloud server returns the aggregated audit proof response information to the cloud user; cloud users For the response information, use the digital signature algorithm based on the elliptic curve and the symmetric encryption algorithm to verify the legitimacy of the aggregated audit proof response. The beneficial effect of the present invention is that it solves the problem of batch integrity verification of cloud storage data, enabling users to effectively verify the integrity of multiple data files at the same time.

A random number generation method and apparatus using a low-power microprocessor is provided. In the random number generation method, a low-power microprocessor determines whether external power is supplied to a random number generator. The low-power microprocessor updates an internal state of the random number generator based on a first scheme if it is determined that the external power is supplied to the random number generator. The low-power microprocessor updates the internal state of the random number generator based on a second scheme different from the first scheme if it is determined that the external power is not supplied to the random number generator.

A FPGA encryption protection method, system and server are provided. That method comprises the steps of: The key is arranged in the ROM unit of the PCI-E card; The encryption and decryption module ofthe PCI-E card encrypts the configuration file of the FPGA according to the key to obtain the encrypted configuration file; the encrypted configuration file is stored to a storage unit; During serverpower-on startup, The encryption and decryption module of the PCI-E card decrypts the encrypted configuration file according to the key to obtain the configuration file; The configuration file is loaded into a RAM cell in the FPGA for execution. By adopting the scheme provided by the embodiment of the application, the confidentiality of the FPGA configuration file can be ensured, the program security of the FPGA is effectively protected, and malicious reading of the configuration file by malicious personnel such as hackers is prevented. In addition, the scheme does not need to change the hardware structure of the server motherboard, which has low cost and strong operability, and increases the flexibility of the design.

The invention discloses a remote attestation method based on a cloud computing infrastructure as a service (IaaS) environment. The remote attestation method is realized by an identity authentication module, a remote attestation module and a credible platform standard metric version updating module, wherein the identity authentication module comprises an attestation identity key (AIK) certificate application module, a Privacy CA certificate issuing module and an AIK request process verifying module; and the remote attestation module comprises a communication module for a challenger and an authenticated party, and a communication module for the challenger and a credible configuration server. The remote attestation method disclosed by the invention has the beneficial effects that a connection is permitted to be established only if virtual machines (VM) to be communicated are credible through a remote attestation by adding a remote attestation process before a normal communication channel is established between the virtual machines. On one hand, the remote attestation method disclosed by the invention can implement identity authentication and remote attestation on the authenticated party, and on the other hand, the authenticated party can update version under a situation that platform varies, so as to finally realize actually feasible remote attestation of the cloud computing IaaS environment.

The invention provides a method for realizing an application program to access a database. The method comprises the following steps of: arranging a WAR (Web Archive File) packet of a proxy server at a database side of a fire wall in middleware; additionally arranging a proxy JDBC (Java Date Base Connectivity) driver for accessing the proxy server by configuring URL (Uniform Resource Locator) at an application program side of the fire wall; calling a webservice interface to send a database access request to the proxy server by the proxy JDBC driver; receiving the database access request and sending the database access request to a database by the proxy server; receiving a returning result of the database, which is generated according to the database access request, and outputting the returning result to the proxy JDBC driver by the proxy server; and receiving the returning result received by the proxy JDBC driver. With the adoption of the method provided by the invention, the application program accesses the database without modifying an extra program, so that the fire wall is safely passed through.

The invention relates to a blockchain-based method for inter-multi-terminal message communication, a terminal and a storage medium. The method comprises the steps that: when performing message communication, a producer terminal encrypts both the message plaintext and the key by using a predetermined encryption method, and uploads the encrypted message plaintext and the key to the blockchain; and the consumer terminal, by adopting a blockchain polling mode or a blockchain event monitoring mode, first decrypts the encrypted key, and then decrypts the encrypted message plaintext with the key, thereby performing message communication. The invention is capable of effectively guaranteeing the message communication process and the confidentiality of the message plaintext.

The invention discloses a data protection method and system in firmware updating of an Internet of Things terminal, and belongs to the technical field of Internet of Things and embedded terminals. Themethod comprises the following steps of: distributing a combined serial number and a sending serial number for each data sub-packet; generating an attached check code according to the sending serialnumber and the subpackage firmware data, and sending the corresponding relations among the combined serial numbers, the sending serial numbers and the attached check codes of all the data subpackagesin the push message. In this way, in the transmission process of the firmware updating data of the Internet of Things terminal, the reorganization attack and the rewriting attack can be effectively coped with, the confidentiality and the integrity of the firmware updating data are guaranteed, meanwhile, the method considers the use environment that the embedded terminal comprises limited memory resources and operation capability of a small embedded terminal, and the method is high in universality, easy to implement and low in system overhead.

The invention discloses a network data storage method and a server. The disturbing network data storage method provided by the invention comprises the following steps: judging whether a data file needs to be encrypted and/or signed or not by the server according to configuration information of the storage region of the data file; encrypting a network data stream uploaded at a client when the data file needs to be encrypted but does not need to be signed according to the judgment, and writing the encrypted data stream into the data file; writing the network data stream uploaded at the client into the data file when the data file needs to be signed but does not need to be encrypted according to the judgment, and signing the data file; and encrypting the network data stream uploaded at the client when the data file needs to be encrypted and signed according to the judgment, writing the encrypted network data stream into the data file, and signing the data file. The invention improves the openness, the expansibility, the robustness and the reading/writing visit efficiency of the network storage server on the premise of ensuring the confidentiality and the completeness of the data storage.

The invention discloses an RFID (Radio Frequency Identification) system capable of ensuring confidentiality and data integrity and an implementation method thereof. The system comprises an RFID tag, an RFID reading-writing module and a background service module, wherein the RFID reading-writing module is used for obtaining a communication key from the RFID tag and carrying out secret data interaction with the RFID tag based on the communication key, and the background service module is used for providing data storage and secret interaction service for the data interaction between the RFID tag and the RFID reading-writing module; and the background service module, the RFID reading-writing module and the RFID tag are sequentially connected. The RFID system capable of ensuring confidentiality and data integrity and the implementation method thereof provided by the invention can overcome the defects of poor security, easiness in failure, poor reliability and the like in the prior art so as to realize the advantages of good security, non-easiness in failure and good reliability.

The invention discloses a method for the safe cross-domain access to an SIP video monitoring system. In the method, an INVITE method defined in RFC 3261 is expanded to complete cross-domain route exploration, server safety capacity negotiation and inter-server bidirectional identity authentication and safely transmit two shared keys between servers, and after the route exploration is completed, the digest computing of information on the two shared keys, user identity and the like guarantees the legality of a follow-up cross-domain signaling source so as to guarantee the safety of the cross-domain access of a user. The method solves the safety problem of cross-domain access, prevents phishing server attack and replay attack, solves single sing-on problem of the cross-domain access user and ensures simple safety capacity negotiation and digest authentication-based signaling safety. And due to the high efficiency of the digest computing, the high efficiency of the system is achieved, and the real-time and high application value of the system are guaranteed.