2513 results about "Information leakage" patented technology

A database encryption system and method, the Structure Preserving Database Encryption (SPDE), is presented. In the SPDE method, each database cell is encrypted with its unique position. The SPDE method permits to convert a conventional database index into a secure one, so that the time complexity of all queries is maintained. No one with access to the encrypted database can learn anything about its content without the encryption key. Also a secure index for an encrypted database is provided. Furthermore, secure database indexing system and method are described, providing protection against information leakage and unauthorized modifications by using encryption, dummy values and pooling, and supporting discretionary access control in a multi-user environment.

A method for electronic commerce using a security token and an apparatus thereof are provided. The electronic commerce method using a security token comprises a transaction approval institution generating a security token based on a security assertion markup language (SAML), using credit information of a purchaser who requests to issue a security token, and transmitting the security token to the purchaser; the purchaser writing an electronic signature on an order and transmitting the order together with the security token to a seller; the seller verifying the received order and security token, and then delivering goods according to the order to the purchaser; and the transaction approval institution performing payment for the seller and the purchaser. The method can solve the problems of personal information leakage and privacy infringement that may happen when a purchaser sends his personal information to a seller for electronic commerce. Since the token is one-time-use data, even if a security token sent is counterfeited or stolen, the loss can be minimized. In addition, by writing an extensible markup language (XML) electronic signature in the security token, authentication, integrity, and non-repudiation for a transmitted message can be guaranteed and through simple object access protocol (SOAP) security technology, confidentiality is maintained.

The present invention provides a block chain technology-based network digital identity authentication method. The method comprises the steps of 1) user registration: conducting the identity authentication service based on the vLink protocol, uploading a block chain if the identity of a user is legal, broadcasting the information of the user to the whole network by the block chain, and adding the information of the user into a corresponding block at each node, wherein blocks are mutually verified; 2) obtaining the information of the user, searching the information of the user through the vKey attribute authorization service, returning the user name, the gender and the age information of the user and returning a particular opened at the same time for distinguishing different users; 3) subjecting data to signature treatment during the digital identity authentication process based on the above block chain technology. According to the technical scheme of the invention, the personal data of a user are stored in a block chain, so that the occurrence of information leakage and internet fraud behaviors is radically avoided. The data security is ensured. During the data transmission process, the digital signature treatment is adopted. Therefore, the sensitive information is not tampered during the digital signature transmission process.

Despite advances in recent years in the area of mandatory access control in database systems, today's information repositories remain vulnerable to inference and data association attacks that can result in serious information leakage. Without support for coping against these attacks, sensitive information can be put at risk because of release of other (less sensitive) related information. The ability to protect information disclosure against such improper leakage would be of great benefit to governmental, public, and private institutions, which are, today more than ever, required to make portions of their data available for external release. In accordance with the invention, a solution to the problem of classifying information by enforcing explicit data classification as well as inference and association constraints is provided. We formulate the problem of determining a classification that ensures satisfaction of the constraints, while at the same time guaranteeing that information will not be unnecessarily overclassified.

The invention discloses a sharing query method of electronic medical records based on block chain technology. The method comprises the following steps: a user node applies to join a block chain and sends identity authentication information, registers the identity information and allocates a pair of keys for encrypting electronic medical record information after legal authentication; meanwhile performing bidirectional verification on the encrypted electronic medical record information, and uploading the electronic medical record information passing the bidirectional verification to the block chain for the sharing query of the whole electronic medical record information; performing SHA256 hash algorithm secondary encryption on the real electronic medical record information by a trusted server to generate a segment of uploaded digital fingerprint of electronic evidence, and adding a corresponding timestamp for preventing electronic medical record tampering or information leakage; and storing the electronic medical records after twice encryption in the sharing query block chain, and uploading the same to the cloud; and providing a key by a remote node for identity proving, obtaining the electronic medical records in the sharing query block chain, and decrypting the electronic medical records by the trusted server.

Methods and apparatus for analyzing financial data generally includes a predictive modeling system. The predictive modeling system may include an artificial agent responsive to an input data set. The artificial agent may produce an estimated data set including a market conditions data set. The market conditions data may include an estimate of at least one of liquidity of a market, strategy of a counterparty, and an effect of information leakage. The artificial agent may determine a predictability value for the estimated data set. The predictive modeling system may also include an agent factory responsive to the input data set. The agent factory may generate an artificial agent in response to the input data set.

A method and apparatus for multiplication in a Galois field. The method of multiplication in a Galois field (GF) for preventing an information leakage attack by performing a transformation of masked data and masks in GF(2ⁿ) includes: receiving a plurality of first and second masked input data, a plurality of first and second input masks and an output mask; calculating a plurality of intermediate values by performing a multiplication of the plurality of masked input data and the plurality of input masks in GF(2ⁿ); and calculating a final masked output value by performing an XOR operation of the intermediate values and the output masks.

The invention relates to a file information output anti-leakage and tracing method and system. The method comprises the steps of deploying a file information output operation monitoring service system in a file information output terminal; when the file information output terminal performs file information output operation, automatically performing information anti-leakage processing in file information output contents by the file information output operation monitoring system, wherein the anti-leakage processing includes the addition of invisible watermark information; performing one or more of screen switching, screen shooting, screen video recording, file copying and printout operations on file information of the file information output terminal; and converting carrier contents after file information output into image data in an electronic format, running a watermark information extraction identification program to detect the watermark information, and performing file information leakage tracing operation. According to the method and the system, the technical difficult problem of tracing after leakage of screen shooting and printout modes of the file information output terminal can be solved on the premise of not influencing the visual effect of right reading of users.

An apparatus and method for preventing information leakage attacks through a polarized cryptographic bus architecture. The polarized cryptographic bus architecture randomly changes the polarity of the target bit such that the leaked information cannot be consistently averaged to yield statistical key material. Further, to increase the prevention of information leakage attacks, a set of dual rails is used to write data to a given register bit.

Systems and methods for dynamically remapping elements of a set to another set based on random keys. Application of said systems and methods to dynamically mapping regions of memory space of non-volatile memory, e.g., phase-change memory, can provide a wear-leveling technique. The wear leveling technique can be effective under normal execution of typical applications, and in worst-case scenarios including the presence of malicious exploits and/or compromised operating systems, wherein constantly migrating the physical location of data inside the PCM avoids information leakage and increases security; wherein random relocation of data results in the distribution of memory requests across the physical memory space increases durability; and wherein such wear leveling schemes can be implemented to provide fine-grained wear leveling without overly-burdensome hardware overhead e.g., a look-up table.

A method and apparatus for preventing leakage of sensitive information from a computer is described. The method includes identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form a tainted data, tracking the tainted data within the computer system and identifying at least one condition that compromises the security of the tainted data. The system is a computer system including taint analysis software for identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form a tainted data, tracking the tainted data within the computer system and identifying at least one condition that compromises the security of the tainted data.

An apparatus and method for preventing information leakage attacks that utilize timeline alignment. The apparatus and method inserts a random number of instructions into an encryption algorithm such that the leaked information can not be aligned in time to allow an attacker to break the encryption.

To prevent information leakage due to the loss of a mobile terminal, when various delete conditions that are set in advance in the mobile terminal are satisfied, data is deleted by control performed by the mobile terminal itself. By allowing the mobile terminal to perform control of deleting data instead of allowing an outside system such as a network to perform the control of deleting the data, it is possible to reduce the risk that the information leaks out to a third person when the network cannot perform the control or during a period of time between when the mobile terminal is lost and when the loss of the mobile terminal is noticed. Moreover, by saving the data to be deleted in another computer device by uploading the data onto, for example, a server on the network so that the data can be recovered, leakage of the information from the mobile terminal can be prevented without hampering the convenience for the user.

The present invention provides a technology for controlling an IoT gateway command control based packet, preemptively blocking information leakage by detecting/blocking command not allowed through a DB updated by automatically learning new commands recognized based thereon in real-time, determining whether they correspond to each other through search/comparison in each pattern DB corresponding thereto and selectively processing the corresponding packet according to the determined result, generating a session table based on the processed result and determining whether there is an abnormal act by checking a predetermined item, and blocking access to IoT server of abnormal packet by performing a policy according to packet blocking rule management flow.

The invention provides an identity authentication system and method based on an electronic identification card. The identity authentication system comprises an intelligent terminal, an operator server, a network identity authentication center and an application platform. The intelligent terminal is used for storing a first temporary secret key only associated with the electronic identification card of a user, and generating to-be-authenticated encryption information and first encryption information. The operator server is used for acquiring the first encryption information, authenticating the first encryption information preliminarily, and then generating second encryption information. The network identity authentication center is used for acquiring the second encryption information, generating a second temporary secret key and authenticated encryption information, and comparing the to-be-authenticated encryption information with the authenticated encryption information so as to realize authentication of the user identity. The application platform is connected with a secret key server. The application platform sends an authentication request and is used for acquiring a result of user identity authentication from the operator server. The first temporary secret key is stored in a safe area of the intelligent terminal, so that the user does not need to carry a hardware carrier and are not worry about risks, such as information leakage and so on when in online payment or online identity authentication.

The embodiment of the invention provides a display method of a graphical user interface, and a mobile terminal, and relates to the field of data processing. The method specifically comprises the following steps: judging whether the display screen of the mobile terminal is blocked or not; when a judgment result shows that the display screen is blocked, determining the blocking area and the display area of the display screen, wherein the display area is used for displaying the graphical user interface; determining the parameter information of the display area, wherein the parameter information comprises the area size of the display area and the position of the display screen where the display area is positioned; and according to the parameter information, obtaining the graphical user interface matched with the display area, and displaying the graphical user interface in the display area. The embodiment of the invention judges whether the touch screen of the mobile terminal is blocked or not, when the touch screen is blocked, the graphical user interface is displayed in the display area, the graphical user interface can be only displayed in the display area of the display screen without full-screen display, information leakage possibility is reduced, and privacy is good.

The invention discloses a BDS/GPS high-accuracy positioning method, relating to the field of satellite navigation. The method includes establishing a virtual reference station, acquiring the common-view satellite ephemeris and the satellite observation data received by a reference station Bi and a roving station M, and acquiring the geometry distance between the satellite and the reference station Bi; acquiring the pseudo range correction number of the reference station Bi; interpolating the pseudo range correction number of the virtual reference station by means of an algorithm of inverse distance to a power; interpolating the pseudo range correction number of the roving station by the roving station by means of an algorithm of inverse distance to a power; correcting the satellite pseudo range observation data received by the roving station by means of the pseudo range correction number of the roving station; and establishing a roving station satellite pseudo range observation equation to obtain the accurate coordinate of the roving station to complete the positioning. According to the invention, the safety hidden troubles of information leakage of the reference station because a multi-reference difference positioning method in the prior art must use the accurate coordinate of the reference station can prevented, and high-accuracy positioning is obtained.

To prevent information leakage at the time of transferring secret information data stored by using secret sharing scheme to the outside.

Data to be transferred to a delivery destination of secret information data is divided into a plurality of data pieces by using the secret sharing scheme, and a part of the data pieces is stored in a portable storage medium by a data delivery source and is delivered to the data delivery destination by means such as a package delivery service. A computer at the data delivery destination accesses a predetermined website to download the other data pieces. A computer at the data delivery destination restores the original secret information data from the data pieces obtained via such two kinds of routes.

The invention discloses a federated modeling method, device and equipment based on a block chain, and a storage medium. The method comprises the following steps: a training initiator issues configuration information to all training clients based on client information corresponding to the training clients when the number of the training clients is monitored to reach a preset number; the training initiator uploads a to-be-trained model to a main chain; and the training initiator determines a target model based on aggregation gradient and the to-be-trained model. Modeling of federated learning isrealized through the block chain; on the premise of protecting the privacy of federated learning data, the accuracy of federated learning is not affected, the training effect and model precision of federated learning are improved, model parameters such as gradients in transmission do not need to be modified, and the balance between privacy protection of the model parameters such as gradients andmodel convergence or model precision is achieved; and information leakage can be completely prevented, so the safety of data samples in federated learning is improved.

The invention discloses a two-dimensional barcode-based logistics industry personal information privacy protection system. The system comprises a key distribution and management system, a database, a first PC (Personal Computer) side logistic management system, a first two-dimensional barcode generation and reading module, a first two-dimensional barcode reading module, a first mobile phone delivery terminal, a first mobile phone number hiding module, a third PC side logistic management system, a third two-dimensional barcode generation and reading module, a third two-dimensional barcode reading module, a third mobile phone delivery terminal and a third mobile phone number hiding module, wherein the first PC side logistic management system is positioned at a letter sending site; and the third PC side logistic management system is positioned at a receiving site. According to the two-dimensional barcode-based logistic personal information privacy protection scheme design, the two-dimensional barcode technology and an encryption technology are applied to the logistics industry to try to solve the problem of personal information leakage. The functions such as two-dimensional barcode generation and reading, sensitive information encryption protection, and key distribution and management are realized, and the problem of privacy information leakage is solved better.