84 results about "Client-side encryption" patented technology

Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.

A system for providing digial rights management of protected content includes a client and a DRM manager. The client is capable of receiving at least one piece of content, the piece(s) of content being encrypted with at least one encryption key regardless of client user(s) authorized to access the piece(s) of encrypted content. To facilitate the client accessing one or more of the piece(s) of content, the DRM manager is capable of transferring the encryption key(s) to the client, the encryption key(s) being encrypted with a private key of a public key/private key pair unique to a client user associated with the client. The client can thereafter decrypt the encryption key(s) using the public key of the public key/private key pair unique to the client user. Then, the client can decrypt the piece(s) of content using the decrypted encryption key(s), and access the decrypted piece(s) of content.

An online file storage system having secure file drawer and safe is disclosed for securely storing and sharing confidential files. The system comprises a web-based user interface, tools for setting up server-side encryption method and client-side encryption method, tools for synchronizing encryption between different computers, tools for uploading files, tools for tracking files, tools for granting the right of access to files to the owner of other safes, and tools for generating authenticity certificate for proving the upload time and the substance of the files in a future time.

A method for performing access management to facilitate a user to access applications in a single sign-on enabled enterprise solution is provided. A challenge token and a response token are transmitted between a server and a client. The challenge token and response token comprises one-way hashed data. The response token is verified at the server and the client to authenticate the user. Further, a request for service token is transmitted between the server and the client. The request for service token is encrypted at the client and decrypted at the server using a unique session key negotiated between the server and client. A service token is generated and transmitted between the server and the client. The service token is encrypted and decrypted at the server using a secret key to verify the service token. Based on the verification, the requested applications are rendered on client based user interface.

The invention is applicable to the field of communication security and provides an establishment method, device and system for connection of secure sockets layers. The method includes the steps that a client side sends a request message to establish SSL connection; a server returns a response message to the client side; the client side encrypts and verifies a request message ciphertext and sends the request message ciphertext to an CA, the CA decrypts the request message ciphertext to obtain a second ciphertext and sends the second ciphertext to the client side; the client side receives a first ciphertext and sends the first ciphertext to the server; the server decrypts the first ciphertext to generate a first secret key of the SSL connection, uses the first secret key to encrypt a generated first MAC and sends the first MAC to the client side; the client side generates a second secret key of the SSL connection, decrypts the received ciphertext, sets the second secret key as a master key for subsequent communication after succeeding in verifying the first MAC, and generates a second MAC; the server uses the first secret key to decrypt a received fourth ciphertext and sets the first secret key as a master key for subsequent communication after succeeding in verifying the second MAC, so that the SSL connection is established.

The embodiment of the invention provides a data processing method and system based on a neural network and federated learning. The method comprises the following steps: determining an encryption and decryption neural network according to a joint modeling task, wherein the encryption and decryption neural network comprises M encryption neural networks and a decryption neural network; training the encryption and decryption neural network according to randomly generated training data until the encryption and decryption neural network converges; sending the M trained encrypted neural networks to Mclients, so that each client determines encrypted data by taking owned local data and model parameters of the joint modeling task as input data of each encrypted neural network; and receiving encrypted data output by the encrypted neural network of each client, inputting the encrypted data into the decrypted neural network, and determining gradient update data of the model parameters. According to the method provided by the embodiment of the invention, the joint modeling is realized while the data privacy is ensured, the operation is simple and convenient, and the data processing efficiency is improved.

The invention discloses a data processing method. The data processing method includes that a user inputs a user identity and a password to register in a server; a client side generates first information according to the user identity and the password; the client side encrypts first time to generate second information, encrypts the second information and the first information to generate third information and sends the third information to the server; the server decrypts the third information to acquire the first time and completes authentication of the client side by the server by comparing the first time with second time; the server encrypts the second time to generate fourth information and sends the fourth information to the client side. The data processing method realizes network identity authentication, data encrypting transmission and data completeness checking and has better technical background.

The invention discloses a safe E-mail system. The safe E-mail system is characterized in that a client side service module is used for client side encryption and decryption of mail contents and mail attachments, mail signature and communication with a server service module; a client side hardware crypto module is called by the client side service module to complete corresponding code computation; a server side service module is used for receiving connection with the client side service module to complete identity authentication and service processing requests; a server side hardware crypto module is called by the server side service module to complete key exchange and user management; a mail server is called by the server side service module to complete mail transmission and mail storage; and a database is called by the server side service module to achieve storage of system information and data. The safe E-mail system achieves confidentiality, integrity and non-repudiation of mail information in the process of mail transmission by utilizing data encryption technique, and the confidentiality of the mail information is guaranteed due to the fact that a symmetrical encryption structure is used in the safe E-mail system for encryption processing of the mail information.

The invention discloses an outsourcing encryption and decryption CP-ABE method capable of achieving user revocation, and relates to the technical field of data encryption and decryption in a mobile cloud environment. The method further achieves the outsourcing encryption operation on the basis of conventional outsourcing attribute encryption, and reduces the encryption calculation cost of a local client. The method achieves the access control of fine granularity of a file on a cloud server, simplifies the secret key management operation for a user, and achieves the revocation of the access authority of an unauthorized user. When the user is revoked, a legal user does not need to update a secret key, and alleviates the burden of an authorization mechanism. The local user just needs to carry out the simple XOR operation to update a cryptograph. The security proof indicates that the method provided by the invention has the non-adaptive selection plaintext safety under a common dual linear group model. The performance analysis indicates that the method reduces the encryption calculation cost of mobile equipment more effectively, can achieve the revocation of an illegal user efficiently, and achieves the control of the access authority of the user effectively.

In asymmetric cryptography, initially-set public key and private keys are updated as a function of the chosen prime number pair, a host sending an updated public key exponent and a unique prime-pair key associated with the chosen prime number pair to the client, the client using the unique prime-pair key to look-up and retrieve the chosen prime number pair and determine the updated public key and the updated private key as a function of the retrieved chosen prime number pair, the host and the client encrypting and decrypting exchanged messages with the updated public key and the updated private key without executing another handshake. In one aspect, a large even integer is used by host and client to generate a plurality of prime number pairs, and the unique prime-pair key may be a distance between each prime number of an associated prime number pair.

The invention provides a data processing method based on homomorphic encryption and a device thereof, and the method comprises the steps: obtaining a processing request of data from a client; whereinthe processing request is used for requesting to execute a data processing operation on a stored data item; executing the data processing operation on a ciphertext of the data item corresponding to the operation according to the operation required for executing the data processing operation to obtain an encryption result; wherein the ciphertext is obtained by encrypting the data item by the clientthrough adoption of a homomorphic encryption algorithm corresponding to the data processing operation; and generating and sending a processing response carrying the encryption result. According to the method, the processing functions of query, analysis and the like of the encrypted data can be provided on the server side, and since the ciphertext is obtained after encryption processing of the client, the server cannot view the private data of the user, and the private data of the user can be prevented from being leaked.

A cloud computing processing system with a security architecture includes a client module, a database module, a cloud computing server and a data analysis module. The client module sends a request to the data analysis module, the database module is used for storing data, the cloud computing server is used for setting computing rules and providing the special computing rules to the data analysis module according to different situations, the data analysis module is used for receiving the request and acquiring the corresponding computing rules according to the requested parameters, combining with the data in the database to carry out the cloud computing process according to the computing rules and returning processed results to the client module. The cloud computing processing system further includes a client encryption/decryption module and a cloud security module, the client encryption/decryption module is used for encrypting the request and sending the encrypted request to the data analysis module and for decrypting the results returned by the data analysis module. The cloud security module is used for authenticating the identities of users, decrypting the request, encrypting the results returned by the data analysis module and monitoring the operation of the users. The cloud computing processing system with the security architecture can improve the safety of the cloud computing processing system.

Systems and methods are provided for encrypting data at a customer for storage at a hosted service provider. In addition to the data being encrypted by the client, the secret encryption key used to encrypt the data is also encrypted. Both the encrypted data and the encrypted secret encryption key are transmitted to the service provider who may further encrypt the data with another encryption key and who stores the further encrypted data, the encrypted secret encryption key and the another encryption key.

The invention provides an operation and maintenance management system and method based on an RDP protocol. The operation and maintenance management system comprises a hosting center, the hosting center is used for configuring and hosting client side information, and operation and maintenance connection is established between the hosting center and a client side through the RDP protocol according to the hosted client side information. The invention further provides the operation and maintenance management method based on the RDP protocol. Compared with the prior art, the operation and maintenance connection with the client side is established based on the RDP protocol according to the operation and maintenance management system and method, and operation and maintenance of various client sides can be hosted, monitored and managed in real time, so that security and timeliness of the operation and maintenance management system are improved.

The invention discloses a method and a system for safe transmission of a batch of data and belongs to the field of information safety. The method comprises the following steps: a client receives a batch of data files and calculates to generate first signature data; a dynamic token calculates to generate a first signature value; the client encrypts the batch of the data files and the first signature value; an encryption result is sent to an authentication server and the authentication server decrypts the encryption result to obtain a decrypted file and decrypted data; the decrypted file is calculated to generate a second signature value; when the second signature and the decrypted data are the same, a batch of data processing is carried out. With the adoption of the technical scheme disclosed by the invention, a lot of data do not need to be manually input when a batch of target data are operated by applying the dynamic token; the usability is greatly improved and the target data can be operated so as to prevent the data from being tampered or stolen and guarantee the safety of the transmission of the batch of the data.

The invention provides a method for constructing an information service platform based on cloud computing. The method is characterized by comprising realization of cloud computing safety and platform construction, wherein the cloud computing safety is realized in the following steps: a chip hardware device, a symmetric cipher algorithm and the combined key technology are adopted; in a non-cloud computing environment, a smart card is used as the hardware device of a client encryption system; in a chip of the smart card, the symmetric cipher algorithm is adopted to establish the client encryption system; and the client encryption system, a digest algorithm, a combined key generation algorithm, a key 'base', a client identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol are written in.

The invention provides a method of improving a wireless local area authentication mechanism. After a wireless access point sends a message that the authentication is successful in a plain text to a client in a bidirectional authentication process, the method comprises the steps of providing a first encryption parameter, if the first encryption parameter remains unchanged after being encrypted by the client, decrypted by the wireless access point, encrypted by the wireless access point and decrypted by the client, judging that the wireless access point is legal; providing a second encryption parameter, if the second encryption parameter remains unchanged after being encrypted by the wireless access point, decrypted by the client, re-encrypted by the client and re-decrypted by the wireless access point, judging that the entire authentication process is completed. The method of improving the wireless local area authentication mechanism provided by the invention can effectively prevent the "man-in-the-middle attack", i.e., the illegal user is unable to access the network through the port of the legal user, so as to avoid the "communication hijack" attack.

The invention discloses a method and a device for encrypting transmission data, a method and a device for controlling an encrypted protocol and a method and a device for detecting the encrypted protocol; the method for encrypting the transmission data comprises the steps of sending a protocol negotiation request to an encrypted protocol detection server, receiving an encrypted protocol list, whichis returned by the encrypted protocol detection server and supported by a service server; selecting the encrypted protocol to carry out encryption handshaking modelling with the service server in a scheduled rule according to the received encrypted protocol list; and performing data interaction with the service server based on the encrypted handshaking modelling. According to the method, the problems that the existing client encrypted transmission method influences user experience and the service server lacks a control capability are solved.

The invention provides a secret information processing method, device and system. The secret information processing method is applied to a data storage system and comprises steps of: receiving a data storage request and secret information required to be stored which are sent by a client; generating a master key and a data key of the client based on a client identifier in the data storage request, encrypting the data key by using the master key, returning the encrypted data key to the client, encrypting the secret information by using the data key, and storing the obtained encrypted secret information while deleting the data key. Thus, even if the encrypted secret information is invalidly acquired, the encrypted secret information cannot be decrypted via the data key because of the absence of the data key. Since the data key obtained from the client is encrypted by the master key of the client, the secret information cannot be decrypted even if the data key encrypted by the client is intercepted. As a result, dual protection is formed, encrypted storage of the secret information is achieved and data security is improved.