391 results about "Key (cryptography)" patented technology

Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority-which may be a trusted independent third party-tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)-allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.

An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers. Internal data and key buffers enable the device to re-key encrypted data without exposing data. The key management functions allow the device to function as a cryptographic domain bridge in a federated security architecture.

The invention belongs to the technical field of information retrieval and database structure, discloses a method for storing and sharing secure files based on a blockchain, and uses the blockchain technology to realize secure storage and sharing of files. A user encrypts and uploads the files to obtain a file pointer, and acquires the partial file as the excitation after the accounting node writesthe information such as the formulated access policy and the pointer into a blockchain account. And the other users may acquire a file key from the adjacent accounting node or the file owner after satisfying the access policy to decrypt the files so as to finally obtain a plaintext file. The invention ensures the security of the user data, and is simple and convenient for the user to use, and thepublic key cryptography technology makes the file more secure at the same time. The unchangeable modification progress of the blockchain account further ensures the complete availability of the files, enables the user to formulate different access strategies for different files, and enables full control of the files while sharing the same.

A method and an apparatus capable of realizing at a high speed an elliptic curve cryptography in a finite field of characteristic 2, in which the elliptic curve is given by y²+xy=x³+ax²+b (b≠0) and an elliptic curve cryptography method which can protect private key information against leaking from deviation information of processing time to thereby defend a cipher text against a timing attack and a differential power analysis attack are provided. To this end, an arithmetic process for executing scalar multiplication arithmetic d(x, y) a constant number of times per bit of the private key d is adopted. Further, for the scalar multiplication d(x, y), a random number k is generated upon transformation of the affine coordinates (x, y) to the projective coordinates for thereby effectuating the transformation (x, y)→[kx, ky, k] or alternatively (x, y)→[k²x, k³y, k]. Thus, object for the arithmetic is varied by the random number (k).

Access to digital data is controlled by encrypting the data in such a manner that, in a single digital data acquisition step, it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key. After the data encrypting key is decrypted (or unlocked), it is used to decrypt the ciphertext. If an attempt is made to decrypt the data encrypting key at an incorrect location or using an incorrect secret key, the decryption will fail. If the sender so elects, access to digital data also can be controlled by encrypting it in such a manner that it must traverse a specific route from the sender to the recipient in order to enable decryption of the data. Key management can be handled using either private-key or public-key cryptography. If private-key cryptography is used, the sender can manage the secret key decrypting keys required for decryption in a secure manner that is transparent to the recipient. As a consequence of its ability to manipulate the secret keys, the sender of encrypted data retains the ability to control access to its plaintext even after its initial transmission.

The invention discloses an end-to-end hand-held device encryption method based on quantum cryptography and a system. The encryption method comprises following steps of storing quantum keys; initiating a call; synchronizing the quantum keys; performing synchronous confirmation; answering the call; and performing encryption communication. In the encryption communication, an MCU of a main calling end injects quantum communication keys Ksa into an encryption and decryption model; an MCU of a called end injects the quantum communication keys Ksa into the encryption and decryption model; the MCU of the called end using the quantum communication keys to encrypt the data; the encrypted data is sent out via a radio frequency module of the called end; a radio frequency module of the main calling end injects the received encrypted data into the encryption and decryption model for decryption; and after being decrypted, the data is played by a loudspeaker of the main calling end or displayed via a touch type display. The invention also discloses an end-to-end hand-held device encryption system based on quantum cryptography. The encryption method and system are highly safe, independent and easy, quick and simple to deploy.

Differential uncloneable variability-based cryptography techniques are provided. The differential cryptography includes a hardware based public physically uncloneable function (PPUF) to perform the cryptography. The PPUF includes a first physically uncloneable function (PUF) and a second physically uncloneable function. An arbiter determines the output of the circuit using the outputs of the first and second PUFs. Cryptography can be performed by simulating the PPUF with selected input. The output of the simulation, along with timing information about a set of inputs from where the corresponding input is randomly selected for simulation, is used by the communicating party that has the integrated circuit with the PPUF to search for an input that produces the output. The input can be configured to be the secret key or a part of the secret key.

The present invention relates to a method for sharing secure data between players (5) on a net said method comprising a cryptography step for data using an asymmetrical cryptographic method with double keys, each player (5) having at least one said double key. The method includes a step for initializing (STP1) a blockchain that includes an operation for storing, at least one initialization block (26) in the blockchain by a predetermined authority using at least one computer, said at least one initialization block (26) comprising at least one said transaction (36) that includes an identity record (84) of a major player, said authority no longer intervening at the end of the initialization step (STP1) at least outside a reinitialization step of a player.

Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in “autonomous mode” when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks.

Elliptic Curve Cryptography (ECC) can provide security against quantum computers that could feasibly determine private keys from public keys. A server communicating with a device can store and use PKI keys comprising server private key ss, device public key Sd, and device ephemeral public key Ed. The device can store and use the corresponding PKI keys, such as server public key Ss. The key use can support all of (i) mutual authentication, (ii) forward secrecy, and (iii) shared secret key exchange. The server and the device can conduct an ECDHE key exchange with the PKI keys to mutually derive a symmetric ciphering key K1. The device can encrypt a device public key PK.Device with K1 and send to the server as a first ciphertext. The server can encrypt a server public key PK.Network with at least K1 and send to the device as a second ciphertext.

The invention relates to a white-box cryptography system for executing block cipher algorithms such as an AES (Advanced Encryption Standard), in particular to a method for enhancing the white-box cryptography security. The method comprises the following steps: under the situation of a given key, finishing encryption or decryption by a network of a plurality of lookup tables executing crypto-operation together, wherein the lookup table network can be partitioned into a plurality of lookup table groups which are executed in series and similar in structures, certain lookup table groups are relevant to the key while certain lookup table groups are irrelevant to the key, and the total quantity of the lookup table groups is random; and adding a random quantity of confused lookup table groups to increase the difficulty for an attacker to determine each wheel boundary in white-box implementation. In the presence of the lookup table network, the difficulty for the attacker to determine the wheel boundary of an original block cipher is high, so that a method for making attacks with the input and output of a single wheel becomes difficult.

The invention provides a Song ci poetry text message hiding technology based on hybrid encryption, which belongs to the information hiding and data security directions in the field of computers. The Song ci poetry text message hiding technology comprises the steps of encrypting secret information to be hidden by using an advanced encryption standard (AES) in a hybrid manner, encrypting an AES secret key by using an elliptic curve cryptography (ECC) algorithm, passing all information after encryption processing through a 140 tune name template library of the complete collection of Song ci poetry, and hiding the information by means of the system which is composed of templates, a dictionary, a steganographic device and an extractor, wherein the system can generate steganographic Song ci poetry through a random selection or template designation method according to the length of a cryptograph, and the sentence length, grammatical style and intonation sentence pattern of the steganographic Song ci poetry conform to the original Song ci poetry completely, thereby achieving the purposes of obfuscating attackers and ensuring secure transmission of the hidden information. The Song ci poetry text message hiding technology disclosed by the invention can solve the security problem of data transmission in channels, can provide double security measures of information hiding and data encryption, and has high practical application value.

The invention discloses a data security certification transmission method and device for an Internet of Things terminal. The method comprises the steps: presetting identification key pairs in a factory of an Internet of Things terminal, and presetting a corresponding public key matrix in an edge gateway; according to a preset identification key pair of the Internet of Things terminal and a presetpublic key matrix of the edge gateway, completing the bidirectional authentication of the Internet of Things terminal and the edge gateway, and acquiring a communication encryption/decryption key; andcompleting the encryption and decryption of transmission data between the Internet of Things terminal and the edge gateway by using the communication encryption/decryption key. And the problem that the traditional safety means is difficult to meet the Internet-of-Things scene is effectively solved. A key management system which is realized based on a public key cryptography technology and can beapplied to an Internet of Things terminal is constructed through a lightweight authentication system, online support of a third party is not needed, large-scale key generation is conveniently realized, the authentication efficiency is high, the authentication process is simple, a cryptographic protocol and a cryptographic module are realized on the basis of a national cryptographic algorithm, andthe interactive authentication and data encryption of the Internet of Things terminal are realized.

The invention discloses a method for conducting quantum secret key distribution on a passive optical network. An optical line terminal and/or an optical network terminal encrypt and decipher communication data needing transmitting on the passive optical network through a quantum secret key; and the quantum secret key is distributed through a quantum secret key distribution device. The invention further discloses the passive optical network, and a light distribution network is connected between the optical line terminal and the optical network terminal, the optical line terminal corresponds to one quantum secret key distribution device, and the optical line terminal is encrypted and deciphered through a quantum cryptography communication data. Each optical network terminal respectively corresponds to one quantum secret key distribution device, and the optical network terminal encrypts and deciphers the communication data through quantum cryptographies. The method depends on quantum mechanical properties, a quantum secret key transmitting procedure cannot be broken through, outside attacks can be easy to find, and the quantum secret key encrypts the data, achieves an encryption mode of one encryption once and guarantees absolute security of the data.

A decrypting apparatus for decrypting cryptography data included in a packet includes a receiver, a key generator, and a decrypting section. The receiver receives a packet transmitted from an encrypting apparatus that executes an encrypting process. The key generator generates a key used for the encrypting process. The decrypting section decrypts cryptography data included in the packet received by the receiver with using the key generated by the key generator. In the decrypting apparatus, the packet received by the receiver includes packet information used for generating the key. The key generator generates the key with using the packet information.

A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.

The present invention discloses a quantum cryptography implementation method based on a quantum light source. The method comprises the following steps: generating a labeled single photon source through a PDC process, transmitting signal light to a receiving end, and allowing casual light to be used for local detection. The local detection of the transmitting end comprises a beam splitter (BS), a detector D1 and a detector D2. The casual light passes by the beam splitter to trigger the two detectors to generate four different response events. The four different response events are recorded andused for estimation and processing the signal received by the receiving end, so as to extract a secret key. Due to the usage of a novel passive decoy method, the single photon response rate and bit error rate can be estimated accurately. With a low-loss unequal-arm MZ interferometer used, the consumption of the system is greatly reduced. The single-mode standard commercial light enables the QKD system transmission distance to be over 200 km and based on a quantum light source, so that the final secret key extraction rate is two orders higher than that in the previous QKD system using the quantum light source.