32results about How to "Protect against malicious attacks" patented technology

The invention provides a method, apparatus and system for decrypting a cloud payment limiting key. The method comprises the following steps: separately performing iteration on a plurality of private key fragments to restore an elliptic curve point, and performing private key decryption. The operation result of separate iteration of the plurality of private key fragments is equivalent operation result of the corresponding private key, and no complete private key occurs in the decryption process, thereby effectively defending the attack of privacy data access beyond the authority. The technology of separate iteration of a plurality of fragment is adopted, no complete private key occurs in the decryption process, thereby solving the security problem that the private key of a mobile terminal is leaked; and on the basis that the problem that the security problem that the private key of a mobile terminal is leaked is solved, secure allocation and use of the cloud payment limiting key is realized, and thus the security problem of Access PIN and symmetrical encryption protection limiting key are effectively solved.

The invention provides a writing balancing method of a phase change memory. The method comprises the following steps of: dividing a high-capacity phase change memory system into a plurality of memory regions, wherein each region comprises a plurality of memory arrays, each array comprises a plurality of memory rows, and each memory row is composed of a plurality of bytes and located in the same region; storing file data by a striping method to increase a mapping discretization degree of data address mapping; performing writing balancing via a neighbored copying algorithm in the array, namely maintaining a blank row pointer, and copying the data of an upper line neighboring to the pointer into the position directed by the pointer, thereby realizing the writing balance of the two memory rows; mapping the blank rows of all the arrays to a special array via an interlaced mapping mode so as to improve the discretization degree of the special array. The method can increase the discretization degree of the data address mapping, and can resist the malicious attack of repeatedly writing the same memory unit more effectively so as to realize the writing balance of the whole memory system, thereby prolonging the service life and increasing the utilization rate of the memory system.

The invention discloses a light-weight wireless sensor network security small data distribution method, which includes the following stages: the first stage: the system initialization stage, the base station generates a one-way key chain, and before each sensor node deploys the key chain The commitment value is added to each sensor node; the second stage: the pre-processing stage of the data packet, the base station uses the hash function to construct a legal data packet for a specific data item; the third stage: the data packet verification stage, the sensor node The data packet is verified, if the received data packet is legal, the data packet is accepted and the sensor node is updated, otherwise the data packet is discarded directly. The present invention considers the limited resources of commonly used sensor nodes, has the advantages of being able to resist sensor node compromise, having high robustness in terms of packet loss and out-of-sequence data packet transmission, and no need for time synchronization between base stations and sensor nodes. It has excellent features such as high efficiency and energy saving, low storage overhead, and resistance to malicious attacks.

The invention discloses a common network multi-root domain name system, which specifically discloses a common network domain name system (Univernet Domain Name System, referred to as UDNS), and UP (Univernet Protocol) addresses, which will replace the existing Internet and its domain name system DNS , and the IP address. It is a new domain name system jointly managed by multiple members. In UDNS, a root domain name server is set under each member, and the root domain name servers of each member are equal, and there is no master-slave distinction. Each member has independent and equal network sovereignty. Multiple members jointly manage UDNS and define their respective rights and obligations in the form of a convention, which can effectively avoid the phenomenon of network hegemony.

The invention provides an access request processing method and system. An access request sent by a user cannot be directly sent to any one or all website servers; firstly, the affiliated request typeneeds to be recognized; the delivery decision of the current access request is determined; then, the current access request can be delivered to the corresponding website server to be processed according to the delivery decision. Therefore for different kinds of access requests, different website servers are used for processing; the independent processing on the dynamic resource request of possiblyexisting pathogens is realized; the influence on the processing of static resources on the website servers of other types of access requests is avoided; the safety of the static resources on the website servers can be improved; the hostile attack of the user websites is effectively resisted; the influence of dark chains on the user access is avoided to a certain degree.

The invention discloses a portable security computer system based on encrypted hash tag protection. The portable security computer implements security isolation from the Internet based on a data block encrypted hash tag protection mechanism, and adopts a secure TFTP protocol to realize communication with mobile intelligence. The secure exchange of confidential files between terminals implements a single device function restriction on the USB HID interface to prevent attacks from the interface. The present invention adopts data block encryption hash tag protection mechanism, secure transmission protocol control mechanism and USB HID interface single device function restriction mechanism, etc. These security mechanisms together provide strict security isolation protection for the operating environment of the portable computer, which can not only provide All processing links involving sensitive files provide a secure computing environment that is also resistant to various possible malicious attacks.

Based on text coding, the method for detecting message of ultra long signaling includes steps: (1) based on signaling protocol of text coding to construct function for identifying ultra long message; (2) using the identifying function to identify whether the received signaling message is a ultra long message or not; (3) if yes, filtering it out; otherwise, continuing other processes. The identifying function includes character interval table, which denotes allowed maximal interval between two character separators, and constraint relation table for character separators, which denotes whether two character separators are allowed to appear continuously and repeatedly. Being implemented by software or hardware, the method is in use for detecting ultra long message at network entry. Replacing or adjusting corresponding parameters in the said two tables, the method is suitable to all text typed signaling message. The method prevents attack and destruction from hijacker.

The invention discloses a perceptual hashing-based practical and safe image forensic system and a perceptual hashing-based practical and safe image forensic method. The system comprises a certificate authority (CA), forensics computing platform (FCP) and a forensic center (FC). The method comprises the following steps that: the CA provides a certificate for a user, the FCP and the FC and distributes and manages a control key of a hash function for the FCP and the FC; the FCP calculates a characteristic value and generates a hash value of an image at a registration or forensics stage; the FC manages an image hash value from the FCP and provides retrieval and forensics services; the user submits the image to the FCP, extracts an image retrieval characteristic by using the FCP, calculates the hash value of an image segment by using a key distributed by the CA and submits the hash value to an FC database; and when the user needs an authentication image, the image is also submitted to the FCP, the retrieval characteristic is extracted to retrieve the most coincident original image from the FC, the image is segmented and the hash value is calculated by using the same key and the difference between the image and the hash value is compared so as to determine a position on which content tampering occurs. The system achieves high balanced performance in the aspects of safety, robustness, sensibility, rapid retrieval and the like.

The invention discloses a trusted sensing cloud data collection and evaluation method that is used for trust evaluation on a node and a mobile base station in a network during a sensing cloud data collection process. According to the method, a working area of a mobile base station is determined, wherein the area is determined by the number M of mobile base stations; the logical relationship of the system is determined as follows: sending data to a target node Sj by a subjective node Si; and when the target node Sj is not within the scope of the subjective node Si, data exchange needs to be forwarded by recommending a node; models for evaluating trust degrees of a node and a mobile base station in the network is established, wherein the models consist of a direct trust model Tdir, an indirect trust model Tindir and a functional trust model Tfunct; and then according to evaluation parameters Tdir, Tindir, and Tfunct obtained by calculation at the last step, a confidence level of sensing cloud data collection is determined. According to the invention, malicious attacks in the data collection process can be resisted effectively and the reliability of sensing cloud system data collection can be improved; and usability of the data can be ensured.

The invention provides a face payment security method based on a security unit and a trusted execution environment, and the method comprises the steps: obtaining a living body percentage through the calculation of face living body detection data and face image data collected by a face recognition trusted application and a face recognition camera, and the trusted execution environment, and then calling the security unit to obtain a percentage signature result and ciphertext data; and enabling the payment application to judge whether the living body percentage is larger than a preset living body percentage threshold value or not, and if yes, carrying out user identity authentication and remaining transactions in combination with a password keyboard in the rich execution environment. In the scheme, the security unit provides a secure cryptographic algorithm service and a face recognition data protection key, the trusted execution environment ensures secure execution of a face living body detection algorithm, and through direct connection with the face recognition camera, protection of integrity, authentication and confidentiality of data in the face payment process is ensured.