344 results about "Advantage" patented technology

The invention discloses a key agreement method, a system and a server of a communication network, the method comprises the following steps: a first terminal sends a conversation key ciphertext which is generated after the encryption of a conversion key by an encryption key of a key agreement server to the key agreement server; the key agreement server obtains the conversation key from the decryption of the conversation key ciphertext, the encryption key of a second terminal re-encrypts to the conversation key for generating the conversation key ciphertext to be sent to the second terminal; and the second terminal obtains the conversation key from the decryption of the obtained conversation key ciphertext and returns a response message to the first terminal. The conversation key agreement method and the system provided by the invention realize the simple process and ensure the safety of the key transmission through the realization of the encryption transmission of the conversation key by the key agreement server. The key agreement is realized by the use of the non-symmetric cryptosystem, and the encryption communication is realized by using the symmetric cryptosystem, thereby fully utilizing the advantages of the symmetric and the non-symmetric cryptosystems.

The invention relates to an encryption method for network and information security; the adopted packet length and key length are 128 bits, and a 128-bit system parameter is added; encryption algorithm comprises a plurality of rounds of round transform iteration consisting of mixed layers and diffusion layers, wherein the last round is incomplete round transformation, and the incomplete round transformation consists of the mixed layer; the mixed layer comprises key plus, S box portfolio transform and system parameter minus; the S box portfolio transform comprises 8-input 8-output reversible S box transform and inverse S box transform in the same number which are output by parity exchange; the diffusion layer can construct linear transformation with a reversible re-model polynomial matrix; an encryption round key is generated by an encryption key through encryption round transformation; and decryption algorithm is the inverse transformation of encryption algorithm. The encryption methodfor network and information security has the advantages of high diffusion speed, good security strength, hardware resource saving, and very high speed when being realized by hardware and on a software platform.

The invention relates to an intelligent contract technology-based medical rescue contract method. The method comprises the steps of establishing a rescue contract, an RSA encryption algorithm, a block chain storage technology and a protocol execution and punishment mechanism; encrypting the established rescue contract by utilizing the RSA encryption algorithm; storing a programmed intelligent contract by utilizing a block chain; when a patient meets with an accident and triggering conditions of the contract are met, executing contents of the rescue contract; and when a situation of breaking the contract occurs, performing punishment according to regulations of the intelligent contract. The method has the advantages that execution and verification are facilitated; the establishment time can be queried; the security of personal information of the patient can be ensured; the trust degree of both parties of the contract is increased; the contract cannot be tampered; and the like.

The invention discloses a dynamic clustering wireless sensor network cipher key management method. The dynamic clustering wireless sensor network cipher key management method comprises steps that allnodes of a network are divided into three layers such as a base station, a cluster head node, and a common node according to node functions, and then a system network structure model is established; the parameters of the system network structure model are initialized to generate a cipher key, and at last, communication between the base station and the cluster head node, and the communication between the common node and the cluster head node are realized, and when the nodes are captured or energy is exhausted during the operation process of the network, the cipher key in the network is updated.The method provided by the invention is advantageous in that high safety performance is provided, and the common attacks of the wireless sensor network such as node forgery attacks, message replay attacks, and denial of service attacks are resisted, and at the same time, on aspects of network connectivity, storage overhead, and network power consumption, compared to conventional schemes, a largeadvantage is provided, and the method can be used in a large-scale layer cluster type wireless sensor network.

The invention relates to a method for realizing delegation of a cipher function of a TCM (trusted cryptographic module) under a cloud computing environment. The method comprises the following steps that a cipher function of the hardware TCM is sequentially delegated by a TCM cipher delegation manager arranged in a VMM (virtual machine monitor) and a TCM cipher delegation module arranged in a VM (virtual machine), the TCM and each level of agency need to generate corresponding encryption and decryption keys and signing keys, and the delegation of the cipher function of the TCM is realized by a manner of gradual key delegation and encryption protection. The method for realizing the delegation of the cipher function of the TCM (trusted cryptographic module) under the cloud computing environment, disclosed by the invention, has the advantages that each VM owns one light-weight TCM cipher delegation module and finishes the cipher function compared with a hardware TCM chip and a virtual TCM; and a plurality of TCM cipher delegation modules can quickly construct and concurrently and efficiently process data, so that the data processing efficiency of a whole platform is improved while the confidentiality, the completeness and the authentication of platform data are ensured, and the concurrent and efficient data process requirements under the cloud computing environment are better met.

The invention discloses a method for protecting privacy of identity information based on sensitive information measurement. The method comprises the comprises the following steps of S1, determining input and output; S2, defining and calculating identity importance degree; S3, optimizing the identity importance; S4, calculating a sensitive information disclosing matrix, a minimum attack set and an information disclosing probability; S5, determining a generalizing function, and generalizing a dataset; S6, establishing a background knowledge attack-avoidance privacy protection model; S7, describing a (gamma, eta)-Risk anonymity algorithm, inputting an original dataset D, and outputting an anonymity dataset D'; S8, introducing a confidence interval, controlling the high-probability inference attack of an attacking party within the specified confidence interval, so as to avoid a user using an attribute distribution function to calculate the identity information of the user, calculate features, and perform high-probability inference attack. The method has the advantages that the problem of difficulty in effectively treating the privacy information attack based on background knowledge attack in the existing privacy protection method is solved, and the key identity and identity sensitive information are more comprehensively and effectively protected.

A format-preserving encryption algorithm based on a multi-segmented Feistel network, the method includes the following steps: S According to its own format, it is divided into t part: S ₁ ,S ₂ ,…,S _t . where set S _i is of size n _i . Set the number of rounds for the Feistel network r and the key used by the round function k , where the number of rounds r for the number of divisions t associated even numbers; for a given plaintext m , format it as: m=x ₁ || x ₂ || … || x _t ,in: x ₁ ∈ S ₁ ,x ₂ ∈ S ₂ ,…,x _t ∈ S _t ;Will x ₁ ,x ₂ ,…,x _n as t Segmentation of the Feistel network t input, or input as ;Execute r rounds of round operations, and the final output ciphertext is c=y ₁ || y ₂ || … || y _t ,in: y ₁ ∈ S ₁ ，y ₂ ∈ S ₂ ，…，y _t ∈ S _t , the advantages of the present invention are: by segmenting the sensitive data and defining the value domains of different segments, using self-defined pseudo-random functions, modulus addition and modulus subtraction operations, and using Feistel network to perform even-numbered rounds of round operations to achieve Encryption that preserves the format can support numerical data encryption schemes that retain any given format. After encryption, the data and database will not be affected, which provides the possibility for the encryption protection of numerical personal identification information in existing database application systems.

The invention relates to a confounding method of encrypted group signatures, thereby protecting signature private keys of members in a group. The method comprises the following steps that: (1), a group master constructs a signature group and a group parameter sequence pub, a main private key MK, a tracking private key TK are obtained according to a setup algorithm; (2), an information receiver obtains a respective encrypted public key PKe and decrypted private key SKe based on an EKGen algorithm according to the group parameter sequence pub: (3), according to the group parameter sequence pub, the main private key MK, and IDs of the members in the group, the group master obtains signature tracking information sID and signature private keys KID corresponding to the respective IDs of the members in the group by using an Enroll algorithm, and the signature private keys KID are sent to corresponding members in the group; (4) according to a confounding algorithm Obf, confounding processing is carried out on an initial encryption group signature algorithm EGS of the members in the group and the signature private keys KID of the members in the group, thereby obtaining an encryption group signature algorithm Rpub,z,PKe; and (5), according to the encryption group signature algorithm Rpub,z,PKe, information signature encryption is carried out a to-be-sent message M to generate an encrypted ciphertext C and then the encrypted ciphertext C is sent to the information receiver. Compared with the prior art, the confounding method has advantages of function of private key protection and good secret keeping effect and the like.

The invention discloses a public key encryption method for supporting multi-keyword search to resist the attack of keyword guess. The method comprises the following steps: a data owner and a data receiver are registered as a legal authorized user in a trusted third party; the trusted third party runs the global parameter generation algorithm, outputs the global parameter set and sends it to the cloud server, the authorized data owner and the authorized data receiver. The data owner receives the global parameter set and sends the encrypted document set and the keyword ciphertext to the cloud server. The data receiver receives the global parameter set, constructs the keyword trap according to the query sentence, and sends the keyword trap to the cloud server. The cloud server receives the global parameter set, encrypts the ciphertext document, the keyword ciphertext and the keyword trap, and returns the satisfied ciphertext document to the authorized data recipient by running the test algorithm verification. The invention effectively solves the problem of keyword guess attack, realizes keyword search, and has obvious advantages in computational efficiency and communication cost.

The invention belongs to the field of information security and relates to construction of encryption algorithm. The password (encryption) algorithm is uncertain and random by using the random function to construct the block encryption method. The uncertainties are determined by partial data in the secret key and some information of plaintext. The encryption method has the advantage that the indeterminacy of the algorithm ensures that the password analysis becomes very difficult as a result of the lack of the information about the algorithm, so that a great amount of known (selected) plaintext ciphertext pair of the same algorithm and the same secret key cannot be acquired, and the condition for password analysis is destroyed to enhance the security. The existing abundant password analysis aims at determined algorithm, and the password analysis is difficult to perform when the algorithm is random. The uncertainty of the password system is increased through multiple ways. The encryption algorithm of the plaintext is uncertain, and the algorithms of different blocks are different, therefore, the secret key space can be increased so as to enhance the safety.

The invention discloses an encryption storage method for tampering-resistant files. The encryption storage method includes carrying out auditing querying in file uploading phases; storing the files which pass auditing in distributed clusters; segmenting and encrypting the files; carrying out Merkle tree Hash computation on the segmented files to obtain information fingerprints of the files; utilizing id (identification) of the files and tree roots hashRoot as key value pairs and storing the key value pairs in memory databases; carrying out decryption by the aid of encryption algorithms in file acquiring phases to obtain segmenting paths so as to obtain the original files. The encryption storage method has the technical advantages that the storage reliability of the distributed files further can be improved, file loss risks can be decentralized to multiple nodes, file management tasks are assigned to multiple users, segmenting information is briefly stored by the aid of structures of Merkle trees, accordingly, the file tampering sensitivity of systems can be improved, and file storage requirements with high safety requirements can be met.

The utility model discloses a data encryption method in the MANET network, comprising: the first pitch point processes the first data and forwards the second data obtained after the process; the intermediate node encrypts the second data received in turn and forwards the third data obtained after the encryption; the second pitch point deciphers the third data received and restores the first data. The utility models has the advantages that the verifying protection of confidentiality, reliability and integrity can be provided to the data transmitted in the MANET network via the encryption method; the computing load of the pitch point is comparatively reduced; the work load of each pitch point on the communication route is balanced, and the communication time delay is shortened.

The invention discloses a safety control system and method applied to a smart power grid wireless sensor network and cloud computing. The safety control method comprises the steps that data are collected; whether the data are important data or unimportant data is judged; access control is performed to guarantee that the unimportant data are only transmitted to a user with access right; the important data are encrypted according to an encryption algorithm obtained through search, and therefore it is guaranteed that the important data are not illegally tampered or peeked at. According to the safety control system and method applied to the smart power grid wireless sensor network and cloud computing, an access control module is used for guaranteeing that the unimportant data are transmitted to the user with the access right; an access tree structure is adopted, so that complexity is low; the important data are encrypted through the encryption algorithm obtained through search, as a result, a third party can not know or tamper encrypted data content, it can be effectively avoided that sensing data are tampered and peeked at by the third party in the transmission process, and the integrity and confidentiality of the data are guaranteed. Due to the adoption of two safety strategies, the safety control system and method have the advantages of being high in flexibility and extendibility and the like.

The invention provides a power attack prevention method oriented at an AES algorithm and a circuit achieving method of the power attack prevention method oriented at the AES algorithm. According to the basic principle, a control module and redundancy registers are added to an AES algorithm circuit. The AES algorithm selects the position of a register storing middle calculation data in each turn according to a zone bit generated by the control module, so that the middle data of each turn of encryption operation are alternatively stored in the different registers, the Hamming distance of the middle data of the AES algorithm is effectively hidden, and the AES algorithm can resist power analysis attacks based on a Hamming distance model. The power attack prevention method oriented at the AES algorithm and the circuit achieving method of the power attack prevention method oriented at the AES algorithm have the advantages of being high in flexibility, small in area cost, high in power attack resistance and the like, and provide a good resolution scheme for designing safe chips.

A security certification method for hiding an ultra-high frequency electronic tag identifier. By encrypting the electronic tag identifier (TID) using a random number, and returning it in the cipher text, this certification method can effectively avoid an illegal reading/writing device from acquiring the TID information and from performing illegal tracking and identity recognition on an object identified by the electronic tag. Meanwhile, this certification method can effectively resist attacks, such as eavesdropping, counterfeiting, replaying, and etc. It has the advantages of preventing the electronic tag information from being eavesdropped and counterfeited, and etc. The security certification method uses the symmetric encryption algorithm of the national commercial cryptographic algorithm and the dual-key and the two-step certification mechanism. Thus, the certification of the validity of the electronic tag with the same-key of a batch of cards, and the bidirectional security certification with the single-tag and single-key are achieved.

The invention relates to a chaos message authentication code realization method for a radio sensor network, which comprises the following steps: 1) firstly, adopting a Logistic chaotic mapping function calculated based on an integer type for a radio sensor node; 2) adopting a block encryption algorithm which has the dynamic Feistel structural characteristic and has a block length being 8 bits only; and 3) realizing a message authentication code of which the length is 32 bits based on the block encryption algorithm. The invention provides the chaos message authentication code realization method for the radio sensor network, which has the advantages of good safety and higher efficiency.

The invention relates to a terminal data encryption method and system and a terminal data decryption method and system and relates to the technical field of data encryption. The terminal data encryption method includes: acquiring to-be-encrypted original text and the configuration information of a current terminal, determining a target data encryption type associated with the configuration information of the current terminal according to the preset association relationship of the configuration information and the data encryption type, determining a secrete key and an encryption algorithm according to the target data encryption type, and encrypting the to-be-encrypted original text according to the secrete key and the encryption algorithm. The terminal data encryption method has the advantages that the data encryption type is determined according to the acquired configuration information of the current terminal, the secret key and the encryption algorithm are determined according to thedata encryption type, the to-be-encrypted original text is encrypted by using the secrete key and the encryption algorithm, the cracking difficulty of the secret key and the encryption algorithm is increased, large-scale exposure of the secret key is prevented, terminal encryption compatibility is increased, and terminal data encryption safety is increased.

The invention discloses an elliptic curve and bilinear pairing cryptography based direct anonymous proving method, comprising the following steps of: (1) initializing a certificate issuing party system and sending common parameters to a certification party and a verification party; (2) issuing an anonymous certificate; (3) anonymously certifying DAACert (Computer emergency response team) by the certification party; and (4) anonymously verifying the anonymous certificate DAACert of the certification party by the verification party. According to the direct anonymous proving method provided by the invention, when the certification and the verification are carried out on the verification party by the certification party, high anonymity is maintained; the certified information is stored in a security chip and cannot be divulged; even the certified information is divulged, the real but broken certification party can be detected by utilizing the method provided by the invention; therefore, the safety of the certified information can be guaranteed. In the mean time, the method has the advantages of fast arithmetic speed and small traffic; when the security intensity of 128 bit is adopted,the arithmetic speed of the invention is at least 14 times faster than that of a scheme based on finite field arithmetic and the traffic of the invention is not more than 10 % of that of the scheme based on the finite field arithmetic.

The invention belongs to the technical field of data encryption and privacy protection, and discloses a verifiable ideal on-grid threshold proxy re-encryption method and system, and the method comprises the following steps: generating a first public and private key and a second public and private key through a KeyGen algorithm; encrypting the original message according to the first public key to generate a ciphertext; generating an agent key through a ReKeyGen algorithm according to the first private key and the second public key, dividing the agent key into a plurality of key shares, and signing each key share through a homomorphic signature technology to obtain a plurality of key share signatures; converting the ciphertext into a plurality of ciphertext shares according to the pluralityof key shares, and converting the plurality of key share signatures into a plurality of ciphertext share signatures; verifying the legality of the corresponding ciphertext share according to each ciphertext share signature; combining the legal ciphertext shares into a re-encrypted ciphertext; decrypting the re-encrypted ciphertext according to the second private key to get the original message. According to the invention, the method and system have the advantages of high availability, low trust and strong security, can effectively resist quantum attacks, and is high in encryption efficiency.

The method comprises: analyzing the MANET network model to find a CA management model fitting for the MANET network characters, and generating the system CA using threshold approach; analyzing the scheme for partitioning the MANET network into subgroups in order to provide the concept and scheme for making subgroup partition for MANET network; providing a hybrid encryption method to implement the security protection of MANET network. The invention either uses the fastness and simpleness of symmetry encryption, and or uses asymmetric cipher key to authenticate identity and manage cipher key.

The invention discloses a domestic commercial cryptography algorithm based cloud storage encryption system and an implementation method thereof and relates to the field of cloud storage. The cloud storage encryption system comprises a user account management system, a local file management system, a cloud file management system, a data encryption and decryption system, a file transmission system, a user interface control system and a user setting management system. The domestic commercial cryptography algorithm based cloud storage encryption system and the implementation method thereof have the advantages that the domestic commercial cryptography algorithm is added in a data transmission and storage process for data encryption protection, the problem of possible data protection and privacy disclosure is avoided, potential safety hazards of existing cloud storage are overcome thoroughly, and the cloud storage encryption system and the implementation method thereof can be widely used for all industries such as government agencies, military affairs, finance and telecommunications.