40results about How to "Guaranteed safe and reliable" patented technology

The invention discloses a scheme for implementing two-way identity authentication between a user and cloud by applying a portable TPM (PTPM) and certificateless public key cryptography to a cloud environment, aiming at solving the security problems and deficiencies existing in identity authentication between the user and the cloud in a current cloud environment in a cloud computing mode. Comparedwith existing schemes, a new scheme has the following advantages: on the basis of realizing the uniqueness of user and cloud identities through the establishment of an identity management mechanism, firstly, the PTPM is adopted to ensure the security and credibility of a terminal platform and ensure the authenticity and correctness of authentication results between the cloud and the user, and moreover, the user is supported to use any terminal equipment to complete an identity authentication process with the cloud; secondly, the new scheme implements a 'password + key' two-factor authentication process based on a certificateless public key signature algorithm; and finally, the proposed scheme can significantly improve the computing efficiency of identity authentication between the user andthe cloud while ensuring the security of EUF-CMA.

The invention provides a credible Agent based MT (Mobile Terminal) credible state monitoring method. The method comprises the steps of: (1) starting the MT mobile terminal credibly; (2) judging identity of a user at the MT; if the user is in a manager mode, turning to the step 3; and if the user is in a normal user mode, turning to step 4; (3) in the manager mode, extracting characteristics of the credible state of the MT; and (4) in the normal user mode, monitoring the credible state of the MT. The credible Agent based MT credible state monitoring method, disclosed by the invention, has the advantages of solving credible state monitoring problem of the MT during the running time, being capable of extracting characteristics of the credible state of user and software behaviors comprehensively and exactly during the running time of the MT, thereby efficiently judging the credible state of the MT, simplifying monitoring complexity of the credible state through introduction of the Agent technology and improving monitoring accuracy and monitoring efficiency of the credible state.

The invention discloses a method and a system for storing copyright event based on a block chain. The devices of some works service providers that operate works-related services can be used as membernodes to form a federation chain network, and each works service provider broadcasts copyright events generated based on its own works-related services to the federation chain network, and each worksservice provider performs distributed certification based on the block chain.

The invention provides a trusted redundant fault-tolerant computer system which aims at satisfying the requirement for high safety and high reliability of systems in safety control fields. The trusted redundant fault-tolerant computer system is capable of blocking the operation of illegal programs of malicious codes, viruses and the like, protecting the system and core applications from being destroyed, protecting important information from being revealed, stolen, tampered and ruined, and shielding faults by means of a failure switching function to enable the system to work normally when faults of the system occur. The trusted redundant fault-tolerant computer system is based on a trusted cryptography module (TCM) safety chip, and a dual-computer redundant hot standby method and a compact peripheral component interconnect (CPCI) bus framework are used. Two trusted computer subsystems are configured in a computer case, each of the trusted computer subsystems is composed of a trusted computer main module (including a TCM and a flash disk), a power source module, a flash disk expansion module and an interface expansion module, and the failure switching between the two subsystems is achieved through a heartbeat server and a failure switching module.

Disclosed are a block chain-based copyright event broker authentication method and system. The equipments of some works service providers that operate works-related services can be used as member nodes to form a federation chain network, and each works service provider broadcasts copyright events generated based on its own works-related services to the federation chain network, and each works service provider performs distributed certification based on the block chain. In addition, at least one proxy member node exists in each member node, and for each proxy member node, the proxy member nodehas the right to proxy non-member nodes corresponding to the proxy member node for copyright event certification.

The invention provides an identity authentication method and device based on trusted computing. The method comprises the following steps: binding a TCM (Trusted Cryptography Module) in a computer system with a USBKey (Universal Serial Bus) in advance, and storing the reference value of each component in the computer system into the USBKey; when a login request of a target USBKey is obtained, judging whether the target USBKey is bound with the TCM in the computer system, and comparing the metric value of each component with a corresponding reference value stored in the USBKey to realize the first authentication of the target USBKey; and when the metric values of all components are the same with the reference value, authenticating the identity information of the target USBKey, and responding to the login request of the target USBKey according to an identity information authentication result to realize the secondary authentication of the target USBkey. Through the dual authentication of the target USBKey, data in the computer system can be guaranteed to be safe and trustable.

The present application provides an agricultural product traceability method, which includes: storing basic information of a target agricultural product, inspection task information of each stage in aplanting plan, inspection task execution result information of each stage in the planting plan, transportation trajectory information of the target agricultural product, and processing information ofthe target agricultural product into a block chain; generating a unique graphic code for each independent product of the target agricultural product, wherein the graphic code includes the traceability address of the target agricultural product, and the consumer accesses the relevant information of the target agricultural product stored in the block chain by scanning the graphic code. The invention realizes that the whole process data of agricultural products from the seed stage to the final sale to the consumers is stored in the block chain. By utilizing the tamper-proof property of the blockchain, the manager and the consumers can only access the data in the block chain, but can not tamper with the data, thus ensuring the safety and reliability of the data.

The invention discloses an identity authentication method and device based on a block chain. The method is applied to any edge server in an edge server block chain, and comprises the following steps:receiving an identity authentication request of a terminal node, wherein the identity authentication request comprises the identity information of the terminal node; querying identity authentication data of the terminal node in an edge server block chain according to the identity authentication request of the terminal node; and responding to the identity authentication request according to the identity authentication data. Through the implementation of the method and the device, the flexibility of terminal node identity authentication in a loose coupling environment and the availability undera distributed request are realized, so that the high-efficiency availability of an identity authentication function is ensured; and according to the embodiment of the invention, the transparency and traceability characteristics of the block chain are combined with the two-layer architecture of the edge computing, so that the terminal node is transparent to one-way information of the edge server and traceable to one-way data, and the security and credibility of an identity authentication function are ensured.

The invention relates to a virtual machine static measurement method and device based on a built-in safe architecture. The method comprises the steps of in the starting process of a physical host, enabling safe independent equipment to carry out safety measurement on a host machine system and virtualization software to ensure credibility of the host machine system and the virtualization software;enabling the host machine system and the virtualization software to determine a to-be-measured virtual machine core file; analyzing the virtual machine mirror image file, extracting the content of theto-be-measured virtual machine core file, performing security measurement on the content, and generating a measurement value; if judging that the virtual machine is started for the first time, indicating that the metric value serves as a reference value to be stored in the safe independent equipment, and the virtual machine is started; and if judging that the virtual machine is not started for the first time, verifying the metric value and a reference value in the safe independent equipment, cancelling starting of the virtual machine if verification fails, and starting the virtual machine ifverification succeeds. According to the invention, the extension of the static measurement mechanism of the virtual machine to the virtual machine can be realized, and the security of the virtual machine is enhanced.

The invention discloses an embedded system and an implementation method of a secure operating system. A hardware system comprises an encryption chip which supports an RSA asymmetric encryption algorithm and can provide 2048-bit private keys, and a protected nonvolatile memory. A software system carries out asymmetric encryption algorithm authentication on progresses on the basis of a Linux operating system, operations related to the private keys are accomplished in a specific memory region, namely a section with a hidden address, of the protected nonvolatile memory, only the progresses which pass authentication can run in the secure operating system at the moment, and the progresses which do not pass authentication can be killed. Due to the fact that the secure operating system has the memory protection function, the key authentication function and the like, the secure operating system is a trusted computing framework system, and has high safety. The secure operating system is mainly used in the special fields, such as the security field and confidentiality field, and can be matched with hardware systems of universal PCs, embedded tablet personal computers and the like.

The invention discloses an attacking control method for protecting a kernel system. The attacking control method includes the step 101 that an active trapping system is set up in pre-defense in a network defense system, an attacking control engine of the trapping system is arranged in the kernel system, and an attacking detection engine, an analysis engine and a control engine are set up in the kernel system of an operating system of a computer to detect and control act information, the step 102 that information from the step 101 is obtained through the attacking control engine arranged in the kernel system, and the attacking control engine can prevent files in a kernel from being maliciously attacked and replaced, prevent running of malicious acts and utilization of the functions of the malicious acts and finally uninstall the malicious acts from the kernel system, and the step 103 that the process is ended. According to the attacking control method, whether acts are control acts or not can be judged, and the malicious control acts can be timely blocked by conducting fine-grained searching and killing such as pilot system file protection check, loading system file protection check, drive module protection check and hardware supporting module protection check, and security and credibility of the kernel system are ensured.

The invention relates to a computer mainboard framework based on domestic security processor, and operating method, and belongs to the technical field of the secure and trusted design of a domestic computing platform and mainboard framework design. The framework comprises a security operator, a security IO (Input/Output) bridge sheet, a management and control chip, a computing chip and an FPGA (Field Programmable Gate Array) chip, wherein the security operator, the security IO bridge sheet, the management and control chip, the computing chip, the FPGA and other peripheral circuits realize bottom layer hardware; the security operator provides an operation control kernel and an expansion interface; the security IO bridge sheet is taken as a Switch controller to provide an IO component; the management and control chip realizes startup guidance and trusted measurement; and the computing chip and the FGPA chip realize a data decryption algorithm. The computer mainboard framework is a safe and trusted domestic autonomous computer mainboard framework.

The invention discloses a feedback neural network trusted execution method and device, and relates to the field of deep learning and the field of information security. The system comprises a calculation component and a protection component which are parallel, and the calculation component is used for completing calculation tasks such as a feedforward mechanism module and a feedback mechanism module; the protection component is used for carrying out active measurement and active control on the calculation component through an active immune chip according to a dynamic autonomous trusted strategy; a security isolation mechanism is arranged between the computing component and the protection component, and interaction is carried out through a special access channel; the method is based on the trusted computing 3.0 technology, and the safety of the feedback neural network is improved. By performing credibility verification on each key link of feedback neural execution, the safety and credibility of feedback neural network execution are ensured.