49results about How to "Prevent impersonation attacks" patented technology

The invention discloses a binocular stereo vision-based human face detection method, device and system. The method comprises a step of collecting human face video data according to a first pick-up head and a second pick-up head and determining whether or not a human face is in a preset common visual range of the first pick-up head and the second pick-up head; a step of generating a human face image depth map according to the human face video data if the human face is in the preset common visual range of the first pick-up head and the second pick-up head; a step of determining whether or not the human face image depth map forms a human face three-dimension structure diagram according to a preset three-dimension structure classification rule; and a step of indicating that the human face is a face of a living body if the human face image depth map forms the human face three-dimension structure diagram. With the binocular stereo vision-based human face detection method, device and system, the detection of the human face of the living body can be performed without depending on motion cooperation of a user, and a problem that the user may be not cooperative is solved.

The invention provides a method for realizing dependable SSH based on dependable computing. The method integrates remote authentication of the dependable computing with key exchange of an SSH protocol so as to closely combine platform status information verification with session key negotiation; and the method enhances the security of data at a communication end point on the premise that safe transmission of the data is ensured. The method requires that both a server and a client are provided with dependable security chips; and the platform status can be measured by a measurement module and a dependable operating system. The method can not only effectively prevent the security threat that the communication with an unknown end point by using a security channel may undergo various attacks in the SSH protocol, but also effectively protect against replay attack, impersonation attack and man-in-the-middle attack.

The invention discloses a dynamic authentication method between a reader and a tag card and an implementation device thereof for solving the technical problem that the traditional authentication method must depend on real-time online reliable and safe connection with a backstage database, and cannot authenticate the tag card with the reader autonomously at a high degree. In the method, only a legal reader can acquire corresponding tag authentication information from an authentication database to authenticate or update the state of the corresponding tag; only a legal tag can be processed by the legal reader; a dynamic updating mechanism is applied to the tag identification (ID) in the authenticating process to ensure the forward security, and the reader stores the tag card information by adopting a Hash table, thereby improving the authentication speed; and data synchronization is realized skillfully in an attribute value mode; and the use of random numbers ensures that different data packets can be used in each authentication, so that the position information of the tag is effectively concealed and high security characteristic is provided.

The invention provides an asymmetric group key negotiation method based on permission information exchange, which takes attributes of terminal members as right parameters, and each terminal member sends its attribute set and hash value signature of the attribute set to a key generation center. The key generation center verifies the signature of the attribute set hash column value of the terminal member. If the authentication is passed, the member obtains the right key parameter corresponding to the attribute; based on the sensitivity of the exchanged information, encrypting and broadcasting the information to be broadcast to the group members with the right key parameter corresponding to the specific attribute and the selected random key factor; a member with the access right of the sensitive information calculates a decryption key of the broadcast ciphertext information by using a key parameter corresponding to the access right, and obtains the corresponding plaintext information by decrypting the broadcast ciphertext through the decryption key, so as to realize the secret information sharing among the group members with the specific right. The invention can prevent unauthorized members from participating in group key negotiation and protect personal privacy.

The invention discloses a low-complexity identity authentication method based on an intelligent card and under a multiserver environment. The low-complexity identity authentication method comprises the steps of registering, logging and authentication, wherein the registering further comprises the steps that registering information of a user is converted by a registration center and the intelligent card and then is stored in the intelligent card; the logging further comprises the steps that the intelligent card carries out local legitimacy verification on the identity of the user, and if the identity of the user is legitimate, a random number is generated, and first verification data are generated and sent to a server; the authentication further comprises the steps that the server carries out the legitimacy verification on the identity of the user, and if the identity of the user is legitimate, second verification data are generated and sent to the intelligent card; the intelligent card carries out the legitimacy verification on the identity of the server, and if the identity of the server is legitimate, third verification data are generated and sent to the server; the server carries out secondary verification on the identity of the user, and if the identity of the user is legitimate, the server and the intelligent card generate the same session key. The low-complexity identity authentication method avoids intelligent card losing attacks and impersonation attacks.

The invention discloses an RFID (Radio Frequency Identification Device) safety method based on updating of a dynamic ID (Identifier) and a key of an automobile security system and relates to the technical fields of network type automobile security systems and wireless communication. A network type automobile security system is mounted in a car; a reader-writer of a radio frequency identifying device is mounted at a door of the car; a user can have communication in a spatial wireless signal channel by holding an electronic label close to the reader-writer; a main control module is used for data processing; information interaction can be implemented by RFID security protocol identification with the dynamic ID and the key updating between the label and the reader-writer; if the label is legal, the label and the ID and the key of a background server are simultaneously updated, the door of the car is opened, and an ignition system of the car can be started; if the label is illegal, the ID and the key are not updated, the door of the car cannot be opened, and the ignition system of the car is in a closed state. The method disclosed by the invention can be used for guaranteeing accuracy and safety of the protocol.

The present invention discloses a living body detection method and apparatus based on an active state of a human eye region, and belongs to the computer application field. The method comprises: carrying out human eye detection on real-time video images according to a scale equalization algorithm, a human face detection algorithm and a human eye detection algorithm to obtain a human eye region; carrying out human eye tracking according to an LK tracking algorithm, the human eye region and the real-time video images to obtain human eye characteristic points and real-time coordinate information of the human eye characteristic points; after sending a random eye action instruction to a user, carrying out human eye tracking on the real-time video images according to the LK tracking algorithm, the human eye characteristic points and the real-time coordinate information of the human eye characteristic points to obtain a preset number of frames of real-time human eye regions; and determining whether the user is alive according to the living body detection method and the preset number of frames of real-time human eye regions. According to the living body detection method and apparatus provided by the present invention, by means of the human eye tracking and the random eye action instruction, the living body detection can be performed effectively, thereby preventing an attack caused by a faking video.

The invention discloses a human living body detection method based on human brain intelligence and man-machine interaction. The human living body detection method comprises the following steps: randomly transferring an instruction subject which is pre-configured in an instruction database in advance, and randomly setting a response mode; acquiring user response information and verifying the response mode and a response result; and if the response mode and the response result of the instruction subject are matched successfully, judging that a response user is a human living body. According to the method, the subject is appointed randomly to enable the user to answer in regulated time by the randomly-appointed response mode, and the transmitted instruction subject can be answered through the brain thinking of the user, so that an impostor can not adopt manners such as pure voice and/or video synthesis or editing and the like to cheat a human living body detection system. According to the human living body detection method, lawless persons can be effectively prevented from carrying out impersonation attacks through various means, so that the human living body detection system becomes more effective and reliable.

The invention belongs to the technical field of end-to-end communication, and discloses a power grid NB-IoT end-to-end data processing method based on a physical unclonable function. At the initialization stage, the enterprise application server generates a CSP of the PUF embedded in the NB-IoT module and stores the CSP in a user database of the service platform; A reasonable CSP number n is set,an international mobile user identifier, an international mobile device identification code and a subordinated EAS identity of the NB-IoT module are obtained, and an NB-IoT identity ID with a servicebinding relation is obtained through calculation of an SM3 algorithm; And the MME pushes the CK and the IK to the HSE, and a secure channel between the KE2Menc, the KE2Mint, the KIntermediate, the HSSand the HSE is calculated and is guaranteed by a network domain security mechanism. Compared with the prior art, the method has the characteristics of light weight and flexible updating, and the security of the service system is further enhanced.

The invention provides a block chain-based secure auditing Internet of Things data sharing system and method. The security of Internet of Things secure data sharing is improved by using a block chain technology. Fine-grained control over the data access authority of the Internet of Things is achieved in an attribute-based encryption mode, and the computing overhead of a user side is reduced through an outsourcing decryption technology. One core function of the system is to control the number of access times of the user, and manage each access of the user by using algorithms such as synchronous aggregation signature and verifiable random function. And in the payment use model, the system distributes limited number of Internet of Things data access permissions according to the payment condition of the user to the data. Meanwhile, the intelligent contract function of the block chain provides user management, signature verification and access auditing functions for the system.

The invention relates to an authentication method and system for intelligent well lid equipment, and belongs to the technical field of information security. According to the method, an authorized user is supported to remotely access a group of intelligent well lid equipment, the user is identified in an intelligent well lid environment by adopting a password, biological characteristic identification and an intelligent card technology, and a secure session key is constructed among the legal group of intelligent well lid equipment by utilizing a secret sharing technology and the Chinese remainder theorem. According to the method, the intelligent well lid data can be safely accessed through the session key, common attacks can be resisted, and the communication safety is ensured.

The invention relates to the technical field of radio frequency identification, and discloses a high-security radio frequency identification method, device and system based on bidirectional authentication. The method comprises the following steps of: carrying out pre-authentication by using an index code and a shared key according to an authentication request in the form of a timestamp, carrying out ID confirmation by using a random number and a multi-key public key algorithm, and carrying out bidirectional final authentication by using the random number, the key and the ID. The device comprises a server, a radio frequency reader-writer and an electronic tag; the system comprises a processor, a storage device and a high-security radio frequency identification device based on bidirectional authentication. Bidirectional authentication of the tag and the reader-writer is realized, the device has good security and privacy protection characteristics, and the security and risk resistance of communication are ensured.

The invention relates to an identity authentication method and system for a 5G communication network. A security anchor function sends a first random number and a service identifier to the user equipment, the user equipment and the authentication credential storage and processing function module respectively select a second random number and a third random number, the freshness of the message is ensured by replacing a serial number (SQN) with the random numbers, and for synchronization failure, different failure messages do not need to be sent. Therefore, the possibility of tracking is avoided; when the user equipment encrypts the permanent identifier of the user, the shared key is directly used for encryption, so that some problems of computation overhead and public key infrastructure (PKI) are directly avoided; when the authentication credential storage and processing function module authenticates the user equipment, if the identity authentication information comes from an attacker,resource consumption can be avoided; and entities participating in authentication are mutually authenticated, so that counterfeit attacks are avoided, and the communication security is ensured. According to the invention, a user can carry out identity authentication safely and efficiently.

The invention provides an Internet-of-vehicles RFID safety certificating method based on a key distribution center. The method comprises the steps of a protocol process period, transmitting a generated rr to a label by a reader-and-writer, and transmitting the rr to a KDC; generating an rt by the label after receiving the rr, performing calculation according to formulae which are shown in the description, and transmitting a, rt and b to the reader-and-writer; transmitting a, rt and b to the KDC by the reader-and-writer; after the KDC receives a, rt and b, searching a value which matches a, ifthe value exists, authorizing legal of the label, generating an R by the KDC, and transmitting R, b, rr and rt to a background server; and if the value does not exist, authorizing illegal of the labeland stopping communication; after a background server receives the R, b, rr and rt, searching an ID value, after the legal label is authorized, performing calculation according to formulae which arerepresented in the description, and transmitting c and d to the reader-and-writer; after the illegal label is authorized, stopping communication; forwarding the c and the d to the label by the reader-and-writer, after the legal reader-and-writer is authorized, synchronously updating the key by the label according to a formula which is represented in the description, and otherwise, after the illegal reader-and-writer is authorized, stopping communication. The Internet-of-vehicles RFID safety certificating method can effectively prevent counterfeit attack, retransmission attack, tracking attackand DoS attack.

According to the industrial RFID security communication method provided by the invention, the whole-process encryption of tag registration, identity authentication and communication interaction is realized, and the problems that the password technology is immature and the autonomous controllable degree is low in industrial application of the RFID technology are solved. In the registration stage, the RFID tag and the server generate a symmetric key by adopting an SM2 key exchange protocol and generate a tag ID based on the key, the server ID is transmitted to the tag through a variable hash value, and the IDs of the two parties can be shared without direct transmission, so that tracking attacks are avoided; in the authentication stage, real ID transmission is replaced by bidirectional authentication and a variable hash value to avoid impersonation attack and man-in-the-middle attack; aiming at the characteristics of frequent authentication and less information amount in industrial application, an efficient SM4 symmetric encryption and decryption algorithm is used, and information to be encrypted is processed in registration and authentication stages to enable the length of the information to be encrypted not to exceed 128 bits, so that SM4 can be grouped in one time to complete work, and the encryption and decryption efficiency is improved; the symmetric key is updated in each authentication, so that the cracking difficulty is improved.

The invention discloses a radio frequency identification security authentication method. The method comprises the following steps: initializing parameters of a tag, a reader and a server; Wherein authentication is started after parameter initialization is completed, and the method further comprises the steps that the reader sends an authentication request message to the tag; The tag generates a tag authentication signal after receiving the request message; And when the tag judges that the reader is a legal reader, the authentication is completed. The method has the advantages that security threats such as counterfeit attacks, replay attacks, tracking attacks and denial of service can be prevented, it can be guaranteed that strong forward privacy is not leaked under the enemy enhancement capacity, in addition, a public key encryption mechanism is adopted, the difficulty of secret key storage and management of the system is lowered, and scale expansion of the radio frequency identification system is facilitated.