38results about How to "Guaranteed forward security" patented technology

The invention discloses a certificate-based forward security signature system. The system comprises: a system parameter setting module, a user initial public or private key generation module, a user certificate authentication module, a user secret key evolution module, a signature module and a verification module. The system parameter setting module generates a system main secret key and a public system parameter and sends to the other modules. The user initial public or private key generation module generates the public key and the initial private key of the each user. The user certificate authentication module issues the certificate to the valid user and sends to the signature module. The user secret key evolution module evolutes the private key of the user and sends to the signature module. The signature module generates the signature to any messages and sends to the verification module. The verification module verifies validity of the signature. By using the system, partial secret key leakage problems based on a certificate password system can be solved. A practical value is high. The invention also discloses a certificate-based forward security signature method.

The invention discloses a dynamic authentication method between a reader and a tag card and an implementation device thereof for solving the technical problem that the traditional authentication method must depend on real-time online reliable and safe connection with a backstage database, and cannot authenticate the tag card with the reader autonomously at a high degree. In the method, only a legal reader can acquire corresponding tag authentication information from an authentication database to authenticate or update the state of the corresponding tag; only a legal tag can be processed by the legal reader; a dynamic updating mechanism is applied to the tag identification (ID) in the authenticating process to ensure the forward security, and the reader stores the tag card information by adopting a Hash table, thereby improving the authentication speed; and data synchronization is realized skillfully in an attribute value mode; and the use of random numbers ensures that different data packets can be used in each authentication, so that the position information of the tag is effectively concealed and high security characteristic is provided.

The invention discloses an intelligent power grid data encryption method with forward security. The method comprises the following steps: a control center registers an aggregation gateway after receiving a registration request sent to the control center by the aggregation gateway, a public key K used for encrypting plaintext data is sent to the aggregation gateway; the aggregation gateway registers the intelligent electric meter after receiving a registration request sent to the aggregation gateway by the ith intelligent electric meter Ii, sends a public key K to the intelligent electric meter; a counter j=0 is set, whether j is less than or equal to a time period T is judged; and if yes, the ith intelligent electric meter Ii selects the ID number of the ith intelligent electric meter Ii and generates a random number ti,j, calculates and discloses a time reference variable Ri,j according to the random number ti,j, and sends the random number ti,j, the ID number IDi of the ith intelligent electric meter Ii and the time reference variable Ri,j to the control center. According to the invention, the signature private key is updated in a fixed time period, the forward security of signature information is ensured, and the aggregation and verification of digital signatures are completed without using bilinear pairs.

The invention provides a group key management method applicable to a heterogeneous sensor network. The method is that the distributive key management mode is performed; key materials of nodes in the group are dynamically distributed by a leader of each group; when networking, the leader and the nodes in the group are identified according to an exclusive NOR identification mechanism; when constructing the group key, the leader generates a witness for members in each group through an one-way accumulator; when updating the group key, three key update mechanisms are provided, namely, the mechanism of timely updating the group key, the mechanism of updating the group key while adding a new node, and the mechanism of updating the group key when repealing the old nodes; the nodes in the group utilize the concealed witness in a group key update message to identity a group key update instruction. With the adoption of the method, the calculation cost and storage cost of the whole network can be reduced; the real distributive management mode can be achieved; in addition, the forward security and the backward security of the whole network can be ensured; the safety and reliability of the wireless sensor network in operation can be improved.

The invention discloses a key generation method and system in a switching process. The method includes that a network side uses next hop parameter NH to generate next hop secret key evolved node B (KeNB) in user equipment (UE) switching process; a base station is not informed of the NH generated by the network side; the network side and the UE side respectively use next hop chaining counter (NCC) values informed by a target base station to synchronize with next hop KeNB; and the target base station is informed of the next hop KeNB generated by the network side. The base station can not acquire NH, so that the next hop KeNB can not be generated, the possibility of illegally acquiring next hop KeNB is reduced, and the forward security is guaranteed. By means of the method and the system, the safety of a communication system is greatly improved.

The invention discloses a symmetric searchable encryption method and device, equipment and a medium. The method comprises the following steps: encrypting a target plaintext file to obtain a ciphertextfile; creating a file index table based on the target plaintext file and a hash chain structure, wherein the file index table comprises an accumulative verification label and a continuously updated search trap door; and uploading the ciphertext file and the file index table to a cloud server, so that the cloud server feeds back the ciphertext file and the verification label corresponding to the search trap door to the search client based on the file index table after receiving the search trap door sent by the search client, wherein after the search client receives the ciphertext file and theverification label, the correctness of the ciphertext file is verified based on the verification label. According to the invention, the forward security and the complete verifiability of data search can be realized at the same time by creating the obtained file index table containing the accumulative verification label and the search trap door which is continuously updated.

The invention discloses an intelligent power grid data aggregation and encryption method with forward security. The method comprises: a key generation center KGC generating an initial private key andsending the initial private key to an intelligent electric meter through a secret channel; the intelligent electric meter verifying the initial private key, encrypting and signing the data of the userto generate a signature private key, sending the signature private key to the aggregation gateway, and updating the signature private key; the aggregation gateway aggregating the received signature private keys to generate an aggregation signature and sending the aggregation signature to the control center; and the control center verifying the aggregated signature, and decrypting and decoding theaggregated signature by using the private key k encrypted by the public key to obtain a plaintext m after successful verification. The problems of plaintext transmission of user power consumption information data and the like, data transmission congestion from the intelligent electric meter to a control center and expenditure in an existing aggregation encryption algorithm in an existing intelligent power grid are solved. The method is suitable for encrypting and aggregating the transmission data of the intelligent power grid, and the purpose of safely and efficiently transmitting the data isachieved.

The invention provides a certificateless verifiable encrypted signature method with forward security, and belongs to the technical field of computer network and information security. According to the method, the timestamp is embedded into secret values of a certificateless signature algorithm, secret values which are not used is safely deleted, and signature key evolution and digital signature are really combined; a traditional certificateless signature algorithm sequence is changed, the set secrete values are generated before part of private keys are generated, meanwhile, public keys are bound to a Hash function, the parameter correlation degree in the signature algorithm is increased, and two types of enemy attacks of the certificateless environment are resisted; a generated verifiable encrypted signature comprises the user secret values and has the forward security; the computation burden of a signature scheme is small, the signature is short, and the whole performance is advantageous. The certificateless verifiable encrypted signature method with the forward security has very high security and fairness.

The invention relates to a pair secret key management method suitable for a clustering wireless sensor network model, and belongs to the technical field of wireless communication. The method employs acombined public key-based algorithm to generate a pair secrete key. In the process of mutually authenticating identity identifiers of two parties, identity identification authentication between a cluster head and an intra-group node is completed by utilizing a combined private key generated by the identity identifiers, a ciphertext formed by encrypting the identity identifiers and an authentication code generated by system time; in secret key updating, updating of the combination matrix of the intra-group nodes is dynamically distributed by each group of cluster head nodes. The intra-group node completes the identification of the legality of the key updating command by utilizing the hidden witness in the key updating message. According to the method, the calculation overhead and the storage overhead of the whole network are reduced, the pair secret key management of the clustering wireless sensor network model in the true sense is realized, the forward security and the backward security of the whole network are ensured, and the security and the reliability of the wireless sensor network during operation are improved.

The invention discloses an information leakage preventing method and system based on the internet of things. An RFID (Radio Frequency Identification Device) chip responder and a reader of an application layer of the internet of things, which are mutually communicated and arranged in the internet of things; and the RFID chip responder stores an electronic carrier of identifying information of things in the internet of things. The method comprises the following steps that the RFID chip responder encrypts a private key and a public key and then transmits encrypted information to the reader of the application layer of the internet of things by a network layer of internet of things; the reader of the application layer of the internet of things decrypts the public key and the private key and generates a new private key every time; and the reader of the application layer of the internet of things encrypts and forwards the new generated private key to the RFID chip responder and readers of other application layers of the internet of things by using the public key. The invention protects the safety of data in the internet of things and prevents the leakage of information by a public key and private key encrypting mechanism. In the whole process of realization, the dynamic replacement of the private key not only further protects information safety but also improves the difficulty of password cracking.

The invention discloses an anonymous privacy protection authentication protocol method based on a wireless sensor system in smart medical treatment, and belongs to the field of information security. The invention relates to an anonymous privacy protection authentication protocol method based on a wireless sensor line in wisdom medical treatment, which comprises three entities of a user, a gateway and a sensor node, the sensor node collects real-time data of a patient, wherein the sensor node is connected to the Internet through the credible gateway, the user accesses the data collected by the node through the Internet, and the user, the gateway and the sensor node are mutually authenticated to generate a session key for communication. By means of the anonymous privacy protection authentication protocol method, off-line password guessing attacks, known key attacks and desynchronization attacks can be effectively resisted, and the whole authentication process is safe and efficient, so that the method has very high application value in an intelligent medical scene.

The embodiment of the invention discloses a method, device and system for synchronizing sensitive data, computer equipment and a computer readable storage medium. The method comprises the following steps: uploading a first equipment long-term public key and a short-term public key, and obtaining the long-term public key and the short-term public key of second equipment; generating a shared key according to the first equipment long-term private key, the short-term private key, the long-term public key of the second equipment and the short-term public key of the second equipment; acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key; and decrypting the encrypted sensitive information by using the shared key. Therefore, in the sensitive information synchronization process, the transmission of the sensitive information is always in an encrypted state, and the sensitive information is ensured not to be leaked to anintermediate server or other attackers. The newly generated shared key is used for the encryption key of the sensitive information each time, so that the forward security is ensured, and an attackercannot decrypt the previously encrypted information even if the attacker breaks through the latest encryption key.

The invention discloses a method for realizing safe migration of user data based on a voice channel, which comprises the following steps of: deploying a cryptosystem combining a symmetric password and an asymmetric password on a trusted terminal of a secret telephone communication network; confidentiality protection of the user information being completed by utilizing the characteristics of high encryption and decryption speed, high calculation efficiency and less resource occupation of the symmetric password; identity authentication of two communication parties being realized by utilizing calculation difficulty of discrete logarithms of asymmetric passwords in a finite field, and meanwhile, sharing factors of the two communication parties being obtained through point multiplication of temporary public and private keys by means of composite characteristics of an elliptic curve algorithm, so that a one-time pad service data protection key being generated, and forward security of user data is ensured; and finally, respectively utilizing the calculation determinacy of the hash algorithm and the uncertainty of the random sequence to solve the problems of integrity protection of the user data in the transmission process and the anti-replay performance of the cryptographic protocol.

The invention relates to the technical field of vehicle-mounted network communication security, in particular to an SDN-based vehicle-mounted cloud computing method with privacy protection, which comprises the following steps: constructing an SDN-based vehicle-mounted cloud computing system, and applying for registration in the system and obtaining a resource certificate by a new vehicle; the vehicle-mounted cloud initiator selects the verified vehicles from the vehicles to form a vehicle-mounted cloud, numbers the selected vehicles and the vehicle, and negotiates vehicle-mounted cloud keys for all the vehicles in the vehicle-mounted cloud; when other new vehicles want to join the vehicle-mounted cloud, the vehicle-mounted cloud initiator verifies the validity of the resource certificate of the new user and then numbers the vehicles, and negotiates the vehicle-mounted cloud key again; when a member in the vehicle-mounted cloud leaves, the member leaving the vehicle-mounted cloud sends a leaving message to a neighbor vehicle of the member, and the key of the vehicle-mounted cloud is negotiated again; according to the invention, all vehicle nodes cannot confirm the real identity of the sender through the message and cannot track the position information of the vehicle through the link message.