6871 results about "Common key" patented technology

A suspect user (110) seeks access to a network resource from an access authority (150) utilizing a passcode received from an authentication authority (130). Initially, an ID of a device is bound with a PIN, the device ID is bound with a private key of the device, and the device ID is bound with a user ID that has been previously bound with a password of an authorized user. The device ID is bound with the user ID by authenticating the user ID using the password. Thereafter, the suspect user communicates the device ID and the PIN from the device over an ancillary communications network (112); the authentication authority responds back over the ancillary communications network with a passcode encrypted with the public key of the device; and the suspect user decrypts and communicates over a communications network (114) the passcode with the user ID to the access authority.

The present invention relates to communications, and in particular though not exclusively to forming a secure connection between two untrusted devices. The present invention provides a method of securely connecting a first device (A) to a second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb). The method comprises receiving a request from the first device at the authentication server; the authentication server and the first device both generating a first device key (K_A) using the first device shared secret data in response to a first device random number (RANDa) sent from the authentication server to the first device; the authentication server and the second device both generating a second device key (K_B) using the second device shared secret data in response to a second device random number (RANDb) sent from the authentication server to the second device; and the authentication server securely forwarding to the second device (B) and the first device (A) a common key (K_AB) using the second and first device keys (K_B, K_A).

A policy agent of a network performs an out-of-band user authentication process to verify the identity of a user of a client computer and associates the network data received from the client computer with the user. When the client computer initiates a network data connection to or through the policy agent, the policy agent sends an encrypted challenge to the client computer. The challenge is encrypted with a private key of the policy agent. When the client computer receives the challenge, it decrypts the challenge and prepares a message digest value based on the challenge and the network data sent by the user. The message digest value is then encrypted with the private key of the user to form a response, and the response is sent to the policy agent. The policy agent decrypts the response with the public key of the user to obtain the message digest value and calculates a digest value based on the challenge and the received network data. The policy agent then compares the calculated digest value with the decrypted digest value. A match between the two digest values indicates that the user is successfully authenticated and that the received network data are associated with the user. The policy agent may then apply network policies based on the credentials of the authenticated user.

In some embodiments, techniques for data security may include encoding and decoding unreadably encoded data, such as data encrypted with a public key or tokenized. In some embodiments, techniques for data security may include distributing an encrypted private key. In some embodiments, unreadable data may be encrypted and/or decrypted using time-varying keys.

In some embodiments, techniques for data security may include combining information and a policy, and encoding the combined information and policy, wherein encrypting the combined information and policy is performed using a public key, or via tokenization.

In some embodiments, techniques for data security may include receiving data, wherein the data has been encoded, decoding the data, determining a first datum and a second datum, wherein the first datum and the second datum are associated with the decoded data, and determining a policy, wherein the policy is associated with the first datum.

The invention discloses a user public key address binding, searching and verifying method and system based on the crypto currency open account book technology. The user public key address binding, searching and verifying method is characterized by comprising the following steps that (1) verification public key addresses are published to users in a crypto currency network; (2) an account name registration request of one user is received, and the public key address of the user is received; (3) crypto currency is sent to the public key address of the crypto currency of the registered user through a private key address corresponding to the verification public key address and used as a verification transaction, and it is set that additional information or script content of the verification transaction contains the account number of the user, wherein the amount of the crypto currency is greater than or equal to zero; (4) query requests from other users in the crypto currency network are received, and the public key address of the registered user is fed back according to the query requests. The user public key address binding, searching and verifying method and system can substantially improve the availability, convenience, safety and reliability of crypto currency transactions, and protect the users against economic losses caused by the situation that the public key addresses are tampered with and used illegally.

A security device for a home network and a security configuration method thereof. The security device for the home network includes a user interface to send at least one request signal that includes a device register request signal to register a home appliance to the home network; a public key generator to generate a public key and a password used for security configuration of the home network; a home appliance interface to interface with the home appliance; and a controller to control the home appliance interface to transmit the public key and the password to the home appliance, and the controller to control to register the home appliance to the home network according to a service discovery protocol when the device register request signal is received from the user interface. Accordingly, the security configuration of the home network can be facilitated.

Systems, methods and apparatus for personal identity data management permit individuals to manage their criminal background, credit history, employment, demographic and educational information, for example, to establish their credentials and to help protect their good names. All access to this personal identity data, including the biometrics that uniquely establish the individuals' identity, is under the personal control of the individuals, with access limited to others only with their specific authorization. The subject systems, methods and apparatus include at least two separate archives that store encrypted data about individuals that can be accessed only via the individuals' biometrics specific to the archives and unique Identification Numbers. The Identification Numbers are encrypted when they are associated with the individuals' demographic data, which includes their names, Social Security Numbers and the Unique Identifiers assigned by the system to each of the individuals. Public/private key encryption is used to encrypt the Personal Identity Data maintained in the archives and the Identification Numbers maintained in a Personal Identity Management Service configuration application server that links the rest of the system to the archives. To permit the private keys to be securely retained for use in regenerating a. Smartcard in case of loss or damage, separate segments of the private key are stored on different servers each of which requires submittal of a different biometric, which must match the biometric associated with the private key segment.

Methods, apparatuses, media and signals for facilitating secure communication between a first device and a second device are disclosed. One method includes automatically identifying a common key server potentially accessible by both the first and second devices, and obtaining a secure private key from the common key server, for use in encrypting communications between the first and second devices. Identifying may include identifying as the common key server, a key server at an intersection of a first communication path defined between a first key server having a previously established relationship with the first device and a master key server, and a second communication path defined between a second key server having a previously established relationship with the second device and the master key server. Obtaining may include obtaining a plurality of private keys and blending the keys to produce a final private session key.

The invention relates to a method for implementing a safe storage system in a cloud storage environment and belongs to the technical field of storage safety. The method is characterized in that a trust domain is established in a server according to the requirements of a user; in the trust domain, identity authentication is performed by using an public key infrastructure (PKI); the independence between the storage system and a bottom layer system is realized by utilizing a filesystem in user space (FUSE); a hash value of a file is calculated by utilizing a secure hash algorithm (SHA1) and taking a block as a unit, a file block is encrypted by utilizing a key and an advanced encryption standard (AES) algorithm of a symmetric encipherment algorithm and taking a block as a unit, and a file cipher text is uploaded to a file server in a cloud storage area so as to guarantee the confidentiality and integrity of the file; a filer owner postpones encrypting the file again when permission is revoked by designating a user with the permission of accessing the file and the permissions thereof in an access control list; and only when the user modifies the content of the file, the user encrypts the file block in which the modified content is positioned again and the system implements three layers of key management, namely a file block key, a safe metadata file key and a trust domain server key so that not only the safety of the file is guaranteed when the permission is revoked, but also the management load of the system is not increased.

A mediating apparatus is provided on an IP network, and stores an access control list (ACL) retained in a VPN gateway unit. The mediating apparatus: receives a retrieval request from a VPN client unit; acquires a private IP address of a communication unit by reference to ACL; searches DNS to acquire therefrom an IP address of the VPN gateway unit; generates a common key that is used for authentication between the VPN client unit and the VPN gateway unit and for encrypted communication therebetween; sends the IP address of the VPN gateway unit, the private IP address of the communication unit, and the common key to the VPN client unit; and sends the IP address of the VPN client unit and the common key to the VPN gateway unit.

Methods, systems, and apparatus, are provided for wireless networking In some implementations, a self-configuring wireless system includes at least one wireless network device; and an access point device; wherein the access point device and the at least one wireless network device are preconfigured with a common key so as to enable the access point device to establish a secure wireless network with the at least one network device using the common key upon powering up the access point device and the at least one wireless network device at a user site.

A system, apparatus, method, and machine readable medium are described for secure authentication. For example, one embodiment of a system comprises: an authenticator on a client device to securely store one or more private keys, at least one of the private keys usable to authenticate a block of a blockchain; and an attestation module of the authenticator or coupled to the authenticator, the attestation module to generate a signature using the block and the private key, the signature usable to attest to the authenticity of the block by a device having a public key corresponding to the private key.

In a communication system wherein a device and a client communicate data with each other through a network, the device holds a root certificate including a public key in a pair of the public key and a private key and signed with the public key. When data is sent, a certificate creator creates a second certificate including the root certificate designated as a certificate authority at a higher level and signed with the root certificate, and the second certificate is sent to the client. In the client, the root certificate has been stored beforehand, and a verifier verifies the signature of the second certificate with the root certificate.

An over-the-air firmware update is accomplished in a secure manner using a two-step process. The first step uses an initial boot using a fixed boot program and an authenticated and verified secondary environment to complete starting of only authenticated code. After verifying a pending update, the second step is started with the electronic device being booted into an update mode with an update loader that has exclusive access to a signing key. A dummy update image is loaded into a temporary memory location and a hash is taken. A digital certificate is created corresponding to the update image and signed using the signing key. The update and digital certificate are atomically installed and the signing key is deactivated. Upon reboot, the new image is used for operation and is verified by the hash data and public key in the digital certificate.

The invention belongs to the technical field of information retrieval and database structure, discloses a method for storing and sharing secure files based on a blockchain, and uses the blockchain technology to realize secure storage and sharing of files. A user encrypts and uploads the files to obtain a file pointer, and acquires the partial file as the excitation after the accounting node writesthe information such as the formulated access policy and the pointer into a blockchain account. And the other users may acquire a file key from the adjacent accounting node or the file owner after satisfying the access policy to decrypt the files so as to finally obtain a plaintext file. The invention ensures the security of the user data, and is simple and convenient for the user to use, and thepublic key cryptography technology makes the file more secure at the same time. The unchangeable modification progress of the blockchain account further ensures the complete availability of the files, enables the user to formulate different access strategies for different files, and enables full control of the files while sharing the same.

An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.

An anonymity system including a cryptographic device. The cryptographic device of the anonymity system is adapted to initially determine whether a response to an incoming electronic message is requested. If so, an address of the anonymity system is encrypted with a key. In one embodiment, the key may be a public key of a system targeted to receive an outgoing electronic message from the anonymity system inclusive of data contained in the incoming electronic message. The encrypted address is placed into an outgoing electronic message before re-routing to the target system to allow the target system to re-route the response back to the anonymity system.