32 results about "Diffie–Hellman key exchange" patented technology

Methods for key exchange and mutual authentication are provided that allow for inherent authentication and secret key derivation of parties communicating through an unsecured medium. These methods allow for greater security than existing key exchange and authentication methods while requiring little or no additional energy or time compared with a basic Diffie-Hellman key exchange. These methods allow for secure communication with small, low-power devices and greater security for any devices communicating through an unsecured medium.

An approach for arriving at a shared secret key in a multicast or broadcast group environment is disclosed. The key exchange protocol permits nodes within a multicast or broadcast group to compute a shared secret key in a binary fashion, whereby a shared secret key is generated for a pair of nodes at a time. Once the shared secret key is computed by the pair, the nodes within the pair is viewed as a single entity by a node that is to be joined. This process is iteratively performed until all the nodes within the multicast group attain a common shared secret key. Under this approach, the number of messages exchanged between the nodes for establishing the secured channel is significantly reduced.

A method and system for a secure telephone protocol are disclosed, which can be implemented using current Voice over IP (VoIP) protocols, Session Initiation Protocol (SIP, as specified in the Request for Comment (RFC) 3261 from the Internet Engineering Task Force (IETF)), Real Time Transport Protocol (RTP, as specified in RFC 3550), and Secure RTP (SRTP, as specified in RFC 3711). The secure telephone protocol can include a shared secret value that is cached and then re-used later to authenticate a long series of session keys to be used for numerous separate secure phone calls over a long period of time, thereby providing cryptographic key continuity without the need for voice authentication. In an embodiment, the secure telephone protocol can utilize the Diffie-Hellman key exchange during call setup, and AES for encrypting the voice stream.

Authentication of vehicles in preparation for V2V communication includes vehicle A taking a picture of vehicle B (V_A) and vehicle B taking a picture of vehicle A (V_B). These pictures are then shared. Vehicle A determines the relative location of vehicle B indicated in V_A and V_B. If they agree, then vehicle A and B authenticate one another, such as using Diffie-Hellman key exchange. Identifying vehicle A and vehicle B in the pictures may include identifying the license plates of vehicle A and vehicle B in the pictures. Vehicles A and B may exchange license plate numbers prior to taking of the pictures. Image spoofing may be prevented by taking both forward and rearward facing pictures by both vehicles. Objects in pictures facing the same direction may be identified to verify that the pictures were taken nearly simultaneously.

An asymmetric-computing type shared key establishing method suitable for cloud computing and IoT has the following advantages. The realization efficiency and the security level are high, and a cryptographic algorithm coprocessor is not needed. The method can be applied to occasions in which the computing capabilities are asymmetric, and attacks from quantum computers can be resisted. Compared with a conventional key exchange protocol such as the Diffie-Hellman key exchange protocol, the method can be more effective between servers and mobile equipment in the security fields as the IoT and cloud computing, and the method can be used in both the electronic environment and the quantum environment. Thus, the asymmetric-computing type shared key establishing method suitable for cloud computing and IoT provided by the invention can be widely applied to the field of information security systems such as network security and e-commerce.

The invention discloses a digital copyright management method and device for protecting digital content consumer privacy. The method comprises the following steps: randomly generating an encrypted master key by utilizing the Chameleon hash function, and generating a copyright license; grouping the digital contents, then generating different symmetrical encrypted keys and cryptograph headers according to different groups of digital contents by adopting the Diffie-Hellman key exchange technology, encrypting the digital contents to acquire digital cryptographs, and then, storing the cryptograph headers and the digital cryptographs into a content server; and as required by users, decrypting from the cryptograph headers by utilizing the copyright license to acquire the symmetrical encrypted keys of the authorized digital contents, and then, decrypting the corresponding digital cryptographs to acquire the required digital contents. The device comprises an authorized server, a content serverand consumer equipment. Under the same security level, the invention can reduce the calculated amount, save the storage space and lower the requirements for network bandwidth.

The invention discloses a medical big data processing method based on a body area network and cloud computing. The method comprises the steps that a physiological sensor senses user physiological data, generates a symmetric key for encryption of data through utilization of an APTEEN protocol and a Diffie-Hellman key exchange protocol, signs the data through utilization of a Merkle tree and transmits the processed data to a mobile device; the mobile device decrypts the data uploaded by the physiological sensor, verifies a user identity and completeness of the transmission data and sends verified user data to a cloud server for data storage and data analysis; and the cloud server stores a data analysis result and sends the data analysis result to the mobile device. According to the method, the medical data is stored and protected through adoption of a transmission encryption technology, so the problem that the privacy of a patient is leaked is effectively solved; and the data is transmitted to the cloud server in real time through a wireless network, redundancy eliminated storage and real-time decision analysis problems for the real-time transmission data are solved through utilization of a big data technology, and the security protection and real-time analysis of the medical big data are realized.

The invention discloses a location privacy protection method based on a dynamic pseudonym exchange area, and belongs to the field of location privacy protection of the Internet of vehicles. The methodcomprises the steps that a vehicle in the vehicular ad hoc network registers and generates a dynamic pseudonym in the driving process and periodically updates the pseudonym, then the vehicle dynamically establishes a pseudonym exchange area, carries out pseudonym exchange to enhance the location privacy, embeds an improved Diffie-Hellman key exchange protocol in the pseudonym exchange process atthe same time to protect the pseudonym exchange process, the vehicle initiating the pseudonym exchange uploads a pseudonym exchange log to a certification authority (CA) of the area after the completion of the pseudonym exchange, the CA re-establishes the relationship between a real ID and the pseudonym of the vehicle through analyzing the pseudonym exchange log so as to enable the CA to perform identity tracking and violation processing. The location privacy protection method solves a problem of location privacy of the vehicle in the driving process, and is an effective location privacy protection method which adapts to the communication environment of the Internet of vehicles and can claim the responsibility of violation vehicles.

The invention relates to a method and a system for updating a preshared key. The method comprises the following steps: both communication sides take prime numbers which correspond to a preshared key to be updated as prime number parameters P for Diffie-Hellman Key exchange algorithm; both communication sides use prime number parameters P, positive integers g which are less than the prime number parameters P and random numbers sx and sy generated by respective communication side for calculating PX and PY, wherein PX= g<sx>(mod P) and PY = g<sy>(mod P); and both communication sides exchange the PX and the PY and take (PY)<sx>(mod P)= (PX)<sy>(mod P) as a new preshared key.

The invention relates to a fuzzy vault method based on fingerprint features and an Internet key exchange protocol. The existing method has the problems that security storage users share one key. The method comprises the steps of a shared key generation step of a diffie-hellman key exchange protocol and a binding and releasing step of a finger fuzzy vault and the shared key, wherein the shared key generation step is that the shared key is generated on the basis of the Diffie-Hellman protocol. The binding step of the fingerprint fuzzy vault and the shared key is that original fingerprint information is adopted as a polynomial element, and a polynomial is constructed by utilizing the shared key. The releasing step of the fingerprint fuzzy vault and the shared key is that the polynomial is reconstructed by inquiring the fingerprint information, and the shared key is restored. Due to the adoption of the fingerprint fuzzy vault algorithm, while the shared key is protected, the shared key can be safely and conveniently released through the fingerprint features of the user, so that the key sharing scheme has better practicability.

A method of establishing a secure communications link between a mobile terminal and a server, the method comprising retrieving from storage, in the mobile terminal a prime number, p, and generator, g, for a Diffie-Hellman key exchange protocol, generating a positive integer b at the terminal, sending a message including the value of (g<=[b] mod p) from the terminal to the server, determining a shared secret number for the terminal and the server by calculating the value of g<=[ab] mod p, where a is a positive integer, using b and a public value for the server y=g<=[a] mod p at the terminal, and using a, b, g and p at the server, and using the shared secret number to establish the secure communications between the terminal and the server. The method facilitates download of software to a mobile communications system terminal.

The invention discloses a handset NFC safety payment method based on integrated voiceprint and face characteristic encryption. The method is characterized by comprising steps that, image acquisition and voice acquisition are carried out; the acquired image and the acquired voice are respectively processed; integrated processing on a face characteristic vector and a voice characteristic vector is carried out to acquire a characteristic vector P; the characteristic vector P is compressed to be in 256-bit bytes, and a characteristic vector T is acquired; the characteristic vector T is taken as a secret key and is stored in a handset as an initiation end, and the characteristic vector T is transmitted by utilizing a Diffie-Hellman key exchange algorithm to a target end; the characteristic vector T is taken as a symmetric secret key by two communication parties to carry out encryption communication. The method is carried out in an NFC point-to-point mode, and through the method, information safety interaction during handset NFC payment can be realized.

The present invention provides a method for providing message transmission in H.323 communication system. The method includes: the first endpoint and second endpoint confirming authentication information through a GK; according to said authentication information, the first endpoint and second endpoint exchanging message directly. Since H.235 protocol of ITU-T describes the authentication and privacy technique used in H.323 systems and provides security service for message transmission in GK-routed model, the present invention can guarantee the security of the authentication information. The functions of middle entities need not to be modified for applying the method provided by the present invention because Diffie-Hellman key exchange technology is adopted in this method. The present invention increases the network scalability of the symmetric key system by adopting negotiation mode. The present invention designates and improves the security framework of message transmission in direct-routed model of H.323 system, thereby improving the security of H.323 system.

A system and method for initializing an SNMP agent in SNMPv3 mode. In one aspect of the invention, a method is provided that allows an operator to securely enter the initial SNMPv3 privacy and authentication keys into an SNMPv3 device and cause the device to enter in SNMPv3 mode. The SNMP manager and SNMP agent both generate an associated random number and public value (steps 100, 101, 200, 201). The SNMP manager passes its public value to the SNMP agent in a configuration file, which causes a proprietary MIB element in the SNMPv3 device to be set with the public value of the SNMP manager (steps 202, 204). The SNMP manager reads the public value of the SNMP agent through an SNMP request using an initial valid user having access to the public value of the SNMP agent (steps 103, 203). The SNMP agent and SNMP manager each independently compute a shared secret using the Diffie-Hellman key exchange protocol (steps 105, 204). The SNMP manager and SNMP agent each independently convert the shared secret into the same readable password (steps 106, 205), convert the readable password into the same secret key (steps 107, 206) and set the initial authentication key and the initial privacy key to the value of the secret key (steps 108, 207).