1490results about How to "Guaranteed confidentiality" patented technology

The invention relates to a method for implementing a safe storage system in a cloud storage environment and belongs to the technical field of storage safety. The method is characterized in that a trust domain is established in a server according to the requirements of a user; in the trust domain, identity authentication is performed by using an public key infrastructure (PKI); the independence between the storage system and a bottom layer system is realized by utilizing a filesystem in user space (FUSE); a hash value of a file is calculated by utilizing a secure hash algorithm (SHA1) and taking a block as a unit, a file block is encrypted by utilizing a key and an advanced encryption standard (AES) algorithm of a symmetric encipherment algorithm and taking a block as a unit, and a file cipher text is uploaded to a file server in a cloud storage area so as to guarantee the confidentiality and integrity of the file; a filer owner postpones encrypting the file again when permission is revoked by designating a user with the permission of accessing the file and the permissions thereof in an access control list; and only when the user modifies the content of the file, the user encrypts the file block in which the modified content is positioned again and the system implements three layers of key management, namely a file block key, a safe metadata file key and a trust domain server key so that not only the safety of the file is guaranteed when the permission is revoked, but also the management load of the system is not increased.

The invention relates to a method for realizing a secure network backup system under a cloud storage environment, belonging to the technical field of storage security. The method is characterized in that a system architecture is invented in a trust network of a network backup system under the cloud storage environment, a trust domain is established in a server according to a user requirement, and then identity authentication is performed by using a public key infrastructure (PKI), so that the non-deceptiveness and non-repudiation of a user are guaranteed; a Hash algorithm is used to calculate a Hash value of a file, a key and an advanced encryption standard (AES) algorithm are used for data encryption, and then the ciphertext of the file is uploaded to a file server in a cloud storage area, so that the confidentiality and the completeness of data are guaranteed; a synchronization manner based on a directory tree is used to increase the synchronization efficiency and the confidentiality of the system; a hierarchical key management manner is used to reduce the management burden of the system while guaranteeing data security; a version control function is provided to guarantee the continuity of the version of the file; and encryption key selection manners of many levels of granularity are provided to increase the flexibility of the system.

The invention discloses a copyright authorization method based on a block chain. The method comprises steps of: 1, uploading a work to a client so as to enable the work to become a multi-level hash value code identification document; 2, generating a self identity identifier in a copyright block chain database; 3, enabling a digital copyright gateway server to store the generated multi-level hash value code identification document uploaded by an applicant in self identity into a copyright block chain database; 4, enabling the applicant to fill in a copyright application agreement in detail through a digital copyright application website; 5, enabling the digital copyright application website system to search the duplicate records of various levels of digital identification codes in the block chain database, and to give a copyright authorization conclusion; 6, determining the ownership of copyright according to the copyright authorization conclusion, and sending to the applicant a copyright authorization certificate or an electronic copyright authorization certificate; and 7, enabling two copyright traders to apply for authorization and an authorization transaction at the digital copyright application website system. The method solves the shortcomings of conventional copyright authorization and ensures the high security and reliability of the copyright.

The invention provides a telecom intelligent card, an air card writing system and an air card writing method. The telecom intelligent card pre-writes KI numbers and is provided with an IMSI number input module which is used for inputting IMSI numbers of the intelligent card, and also an individualized data writing module which receives and writes individualized data of the intelligent card. The card writing method includes the following steps: users send numbers needed to be opened and ID numbers of blank telecom intelligent cards to a server through a client service; the server obtains individualized data with IMSI numbers after testing the numbers to pre-open numbers and send the IMSI numbers to the client device; users install the blank telecom intelligent card to a mobile phone and input the IMSI numbers; the sever sends the individualized data to the blank telecom intelligent card which writes the individualized data. The card, card writing system and method can realize the air card writing in remote areas; the running and maintenance cost of the card writing system is lower, thus being good for the popularization and application of the air card writing system.

The invention relates to a safety isolation file transmission control method, in particular to a file transmission control method between taxation network safety isolation systems. A transmission control system comprises an external network isolation firewall, an external network control end, an external network transmitting end, an external network receiving end, an internal network transmitting end, an internal network receiving end, an internal network control end and an internal network isolation firewall. A computer system, a virtual machine system and the isolation firewalls are combined to achieved a relatively universal safety data transmission manner, safe and reliable bidirectional data transmission is achieved by the control method with a special safety protocol, confidentiality, completeness and non-repudiation during information transmission are achieved by safety techniques such as data encryption, digital signatures and information authentication codes, data exchanging performance is increased while safety of internal and external network systems is guaranteed, and the whole system can work reliably and stably.

The invention relates to a remote mobile payment system based on a digital certificate and a payment method and belongs to the technical field of mobile payment. According to the invention, the digital certificate is used for binding an identity of a user with a public key of the user and the problem of difficulty in managing a secret key during a transaction process is solved. All communication information is encrypted by using the secret key, so that the confidentiality of the transaction information is ensured, the transaction details of the user are protected and the privacy is prevented from being revealed. Meanwhile, each piece of transaction information is digitally signed by using a private key of a sender; as long as a receiver successfully verifies the signature by using the public key of the sender, the sender cannot deny the performed operation of sending the information, so that the undeniable property of information is achieved; an abstract value of the information is calculated for each piece of transaction information; and the receiver firstly compares the abstract value of the information with the received information, so as to judge if the information is distorted and ensure the completeness of the information.

The invention relates to a safety metadata management method based on integrality checking, belonging to the field of storage safety. The method is characterized in that a self encryption technology for file data is used at a client to encrypt the file data, thereby improving the storage efficiency; a 64-heap hash tree is used at a safety metadata management server end to maintain the hash value of a file block, thereby providing integrality protection on the hash value of the file data block and realizing the high-efficiency verification on the user's access to file and the high-efficiency data updating; and simultaneously a root hash virtual linked list technology is used, thereby ensuring the integrality of root hash values of multiple 64-heap hash trees belonging to one file and supporting the user's concurrent access to the file to a certain extent.

A non-linear alignment method of a strapdown inertial navigation system comprises the following steps of: acquiring data of an accelerometer and a fiber gyroscope of the fiber strapdown inertial navigation system and carrying out denoise processing, realizing coarse alignment and fine alignment processes by the utilization of an analysis method and a compass method, establishing a quaternion-based strapdown inertial navigation system non-linear error model under the condition that attitude angle and azimuth angle are both large misalignment angles, establishing an observation model with speed as observed quantity, carrying out iterative and filter estimation by the use of an improved UKF algorithm on the basis of the model so as to obtain the misaligned angle of the platform, continuously carrying out closed-loop feedback and correcting attitude matrix of the strapdown inertia system in the previous period, so as to accurately complete the initial alignment process. The method can be used to guarantee safety and confidentiality of the initial alignment without the utilization of other sensor information. By the introduction of the quaternion error based non-linear system error model, linearization is not required to guarantee the precision of the model. Computational complexity is reduced, and filtering is carried out on the established non-linear system so as to complete fine alignment.

The invention, which belongs to the technical field of printer consumables, provides a consumable chip and a communication method thereof, and a system and method for communication between a consumable chip and an imaging device. The communication method comprises: command encrypted data sent by an imaging device are decrypted and restored into command data; command processing is carried out basedon the command data and command feedback data are generated; and the command feedback data are encrypted to generate command feedback encrypted data and the command feedback encrypted data are sent to the imaging device, wherein the command feedback encrypted data are decrypted in the imaging device to restore the command feedback data. The consumable chip comprises a decryption unit for carryingout decryption and restoration on command encrypted data sent by an imaging device, an execution chip for carrying out command processing based on the command data and generating command feedback data, and an encryption unit for encrypting the command feedback data, generating command feedback encrypted data, and sending the command feedback encrypted data to the imaging device. The encrypted communication is simple; and a phenomenon of cracking the communication data by reverse analysis of the communication waveform is avoided.

The invention discloses a shell adding and removing method for Android platform application program protection. The method includes the shell adding step and the shell removing step for an original executive file of an Android platform application program. The shell adding step refers to the step that the file format structure of the original executive file is analyzed through an externally-arranged shell adding tool, and a source program is encrypted to form data with a shell. The shell removing step refers to the step that before the application program operates, a shell removing program is preferentially loaded and operates in a memory of a mobile terminal, source program decrypting is carried out on the data with the shell, and then the original executive file is loaded to the memory and normally operates. Due to the adoption of the technical scheme of shell adding and removing, innovative thinking and feasible technical solving ways are provided for application shell adding and removing under an Android platform, and the shell adding and removing method can be used for protecting the executive file of the mobile platform, prevent the program from being attacked by hacker means like decompilation, guarantee confidentiality of commercial software and protect user application safety.

A voter V_i encrypts his vote content v_i with a public key k_PC of a counter C, then concatenates the encrypted vote content x_i with a tag t_i to obtain a ballot z_i, then randomizes it with a random number r_i to create a preprocessed text e_i, and sends it and a signature s_i therefor to an election administrator A. The administrator A generates a blind signature d_i for the preprocessed text e_i and sends it back to the voter V_i. The voter V_i excludes the influence of the random number r_i from the blind signature d_i to obtain administrator signature y_i, and sends vote data <z_i, y_i> to a counter C. The counter C verifies the validity of the administrator signature y_i and, if valid, generates and publishes a vote list containing the data <z_i, y_i> to the voter V_i. The voter V_i checks the vote list to make sure that it contains the data <z_i, y_i> with his tag t_i held in the ballot z_i. The counter C decrypts the encrypted vote content x_i in the ballot z_i to obtain the vote content v_i, and counts the number of votes polled for each candidate.

The invention discloses a coding method for mixing barcodes and two-dimensional codes, which comprises the following steps: (1) generating barcode images through barcode algorithms through barcode data; Encrypting as a key to obtain two-dimensional code generation information; (3) generating a two-dimensional code image by using the two-dimensional code generation information obtained in step (2) through a two-dimensional code generation algorithm. The invention also discloses a decoding method and an encoding and decoding device of the encoding method. On the one hand, the present invention can use naked eyes to identify products, certificates or bills through the barcode, and on the other hand, the two-dimensional code reading device of the present invention can be used to read the information hidden in the two-dimensional code, ensuring the integrity of the two-dimensional code Safety, security and confidentiality, and enable the two-dimensional code to carry hidden information, strengthen the anti-counterfeiting and uniqueness of the two-dimensional code, and open up a new application field of the two-dimensional code as a data label.

The invention provides an electronic key sharing service system for house renting. Asymmetric encryption operation is carried out by using user identification information to generate a uniquely corresponding public renting key and a uniquely corresponding private renting key, wherein the private renting key is used for generating an electronic private key with an established unique corresponding relationship between an individual user and an intelligent electronic lock in an encrypted mode and the public renting key is used for executing delocking identification verification with user individual variation for decryption of the electronic key by the smart electronic lock. The private renting key is kept by a private key management server to guarantee security of the distribution and delocking process of the electronic key. Possible different using requirements for randomness, individual variation, and security in house renting sharing can be met well; convenience of the system in house renting sharing application is improved; the convenience degree of housing renting is enhanced; and development of the intelligent door lock industry can be promoted. Therefore, the system has the broad market promotion and application prospects.

The invention relates to the technical field of electronic invoice service management, in particular to an electronic invoice security management service system based on cloud computing and cryptography. The electronic invoice security management service system based on the cloud computing and the cryptography adopts technologies of the cloud computing, big data, anti-fake encryption, internet and mobile internet to ensure the correct generation, reliable storage, safety and uniqueness of electronic invoices, and provides convenient query authentication and other electronic invoice data services. The system can ensure the correct generation, reliable storage, query authentication, safety and uniqueness of electronic invoice information, realizes paperless, electronic, networked and automatic management of invoices, reduces the invoice cost and improves the informatization management level.

The invention discloses a safe startup method for a Linux embedded system and belongs to the field of information safety. The safe startup method for the Linux embedded system comprises that: a bootstrap loader is operated in a Linux embedded device to load Linux kernel; the Linux kernel checks whether predetermined encryption/decryption equipment is connected to the Linux embedded device; if thepredetermined encryption/decryption equipment is connected to the Linux embedded device, a cipher text of the Linux file system data is transmitted to the encryption/decryption equipment for decryption, the decrypted clear text of the Linux file system data is transmitted to an internal memory, a system root directory is mounted, and other operations for starting up the Linux embedded system are continuously executed; and if the predetermined encryption/decryption equipment is not connected to the Linux embedded device, the operation for starting up the Linux embedded system is stopped so as to guarantee the information safety of the Linux file system data.

The invention relates to a voice signal quantum encryption communication system based on a random number, which comprises terminal equipment, a quantum communication access point, a quantum communication gateway and a quantum communication access point, wherein the terminal equipment consists of a terminal sending subsystem and a terminal receiving subsystem; the terminal sending subsystem comprises a quantum key agreement and management module, a voice signal encoding module, a random number generation module, a voice encryption module and a digital modulation module; and the terminal receiving subsystem comprises a voice signal decoding module, a quantum key agreement and management module, a voice decryption module and a digital demodulation module. One piece of terminal equipment simultaneously comprises the terminal sending subsystem and the terminal receiving subsystem. According to the invention, the terminal sending subsystem is applied to send a voice signal with good encryption performance and high anti-interference performance and meanwhile, the terminal receiving subsystem is utilized to receive and reduce the voice signal, so that safety and integrity in the communication process are ensured.

The invention discloses a CRIU-based Docker container heat migration method and system. According to the scheme, a container creation instruction is reestablished based on configuration information of a Docker container, so that configuration migration of the Docker container is realized; and in combination with characteristics of shared storage and non shared storage, file system migration of the Docker container is realized by adopting different Docker mirror image distribution methods, thereby avoiding the problem of Docker daemon restarting caused by direct migration of disk files of the container in an existing scheme. By performing normalization processing on volume sources, and based on this, proposing a volume heat migration algorithm, volume migration of the Docker container is simplified. By introducing a Docker warehouse security mechanism and an Rsync+SSH network communication mechanism, the scheme can ensure the confidentiality and integrity of migrated data during the migration process in a non shared storage environment.

The invention provides a USBKey encryption device, a system and a method using the USBKey encryption device for encryption and identification; wherein, the USBKey device comprises: a USB interface used for connection between an USB socket and a computer, an indicator used for indicting work status of the USBKey device and a built-in chip storing unique serial number of the USBKey device when leaving the factory and storing digital certificate and private key used for identifying identification of clients; the private key cannot be imported from the USBKey device. The invention is characterized in that: the USBKey device also comprises a visual screen used for displaying information under signing when digital signature is made for the USBKey device; the USBKey device also comprises one or a plurality of buttons for operations such as confirming or cancelling the information under signing; the visual screen can also be a touch panel.

Embodiments of the invention provide a data access control method and system in a cloud storage environment. The method mainly comprises the steps that a user registers personal information to a cloud server through a client side; when a data owner determines that the data to be transmitted to the cloud server is shared data, the client side of the data owner uses a symmetric key to encrypt the data, and sends the encrypted data, the symmetrical key, a hash operation result of the data and a shared attribute of the data to the cloud server; when the data is not the shared data, the client side of the data owner uses its own public key to encrypt the data, and sends the encrypted data, the hash operation result of the data and the shared attribute of the data to the cloud server. Through adoption of the method and system, confidentiality and integrity of the user data are guaranteed, and confidentiality of the user files is classified, so that authority control under data sharing is better realized, and security improvement of data access control under cloud storage is effectively provided.