58 results about "Key encapsulation" patented technology

The invention provides a key configuration method to a designated group. The method mainly comprises that the designated group is configured with a shared public key to obtain the private key of each member in the designated group, and sends the private keys to the corresponding group member. The adoption of the method of the invention is able to efficiently decrease the workload of both a sender and a receiver, and also carry out the key packages to all the group members.

The present invention discloses a method for remotely issuing a POS key, comprising the following steps in sequence: S1. a POS terminal uploads a request to acquire a public key to a management platform, and the management platform issues the public key to a POS machine; S2. the POS machine generates a transmission key at random, encrypts same using the public key, and uploads same to the management platform, and the management platform decrypts and verifies same using a private key; S3. after the transmission key passes validation, the management platform decrypts same to obtain transmission key plaintext, encrypts a master key using the transmission key plaintext, and returns same to the POS terminal; and S4. after decrypting same, the POS terminal encapsulates the master key in the machine, and notifies the platform of key encapsulation success. By means of the method for remotely issuing a POS key disclosed by the present invention, key encapsulation can be performed on each POS machine through a mechanism requested by a customer without performing key encapsulation on each POS machine by the manufacturer before it leaves the factory or by the merchant before delivery, thereby greatly saving time costs of key encapsulation.

A key exchange device includes an initial setup unit that generates a verification key that serves as a public key and a signature key based on a discretionary random tape, a session identifier based on a first random tape, and a secret key based on a second random tape; an arithmetic unit that generates an encrypted second random tape by an arithmetic operation of a pseudo-random function having the second random tape and the secret key as variables and an encrypted third random tape by an arithmetic operation of the pseudo-random function having a third random tape and the secret key as variables; a key encapsulation processing unit that generates a key-encapsulated public key and a key-encapsulated secret key based on the encrypted second random tape to transmit the key-encapsulated public key to an other party of key exchange and decrypts a session key using the key-encapsulated public key and a key-encapsulated ciphertext received from the other party of key exchange; and a verification processing unit that generates a signature based on the signature key, a transmission message and the encrypted third random tape, transmits the signature to the other party of key exchange and verifies a signature received from the other party of key exchange based on a verification key that is a public key of the other party of key exchange, a received message and the signature received.

The invention discloses an ABOOE method. The ABOOE method has the plaintext safety selection function and the ciphertext safety selection function. The encryption process based on ABE is decomposed into the offline stage and the online stage. At the offline stage, on the premise that plaintexts and needed attribute sets are unknown, complex calculation need by encryption is preprocessed; at the online stage, after messages and the attribute sets are known, ciphertexts can be generated only with a small amount of simple calculation. A construction method and corresponding schemes of an ABOOKEM are provided, and the safe and universal ABOOE method for converting the one-way ABOOKEM into CCA is constructed. According to the method, safety of the ABOOE method is effectively improved on the premise that the calculated amount is not increased. According to the ABOOE method, encryption efficiency of ABE is improved, and the ABOOE method is suitable for terminal equipment of which the calculated amount is highly limited.

A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.

The invention provides a key distribution and reconstruction method based on the mobile internet. The method includes the steps of S1, constructing an identity-based key packaging model and a verifiable random function; S2, distributing keys; S3, reconstructing the keys. A calculable collusion-proof equilibrium method is designed, a protocol collusion-proof game-with-entropy model is constructed, and thus collusive attack of participants is prevented; a cryptographic protocol communication game model is constructed, and the defect that password protocols constructed in the broadcast communication network are unable to be implemented in the mobile internet is overcome; the key packaging mechanism applicable to the verifiable random function is studied, the rational key sharing protocol requiring no pubic key infrastructure is designed, and calculation fairness and delivery in the mobile internet is guaranteed; finally, the protocol is subjected to security analysis and proving through the theory of provable security.

The invention relates to a unicast secret communication method and a multicast secret communication method based on identity, and belongs to the field of communication and information security technologies. Security communication channels are established based on identity cryptography, and privacy and security of legal user operation are guaranteed. Key management is easy, a system key management center only needs to be responsible for creating distributing a private key to each user and manages a master key of the security center and a set of common parameter files, identity is taken as an identification key to be packaged, and secret communication based on the cryptology can be realized as long as identity labels of the others are acquired.

The invention discloses a distributed data security sharing method and system based on a block chain, and a computer readable medium. The method comprises the following steps: outputting a system master key pair and a user key pair; performing encryption; packaging and then uploading the system master key to the block chain; generating a conversion key by the master key agency storage node; converting the key calculation node to generate a new capsule; obtaining the master key ciphertext from the block chain by the data user and obtaining the system master key; obtaining an attribute private key; and obtaining the shared data ciphertext by the data user, inputting the attribute private key, and obtaining the plaintext through a decryption algorithm. According to the distributed data security sharing method and system based on the block chain, and the computer readable medium, key encapsulation of the master key is realized by using a distributed proxy key encapsulation mechanism, the problem of secure distribution and management of the master key in a block chain network is solved, the generation efficiency of the private key is improved, and the problems of safe distribution and management of the master key in the block chain network and the like in the prior art are solved.

The invention discloses a public key encryption method based on cells. The invention firstly proposes a class of asymmetric modular band error learning (AMLWE) mathematics difficulty problems, and also provides variations and generalized definitions of the class of mathematics difficulty problems. Based on the AMLWE mathematical difficulty problem, the invention provides a public key encryption method for selecting plaintext security on a grid. Based on the encryption method, the invention also provides a key encapsulation mechanism for selecting ciphertext security and a public key encryptionmethod for selecting ciphertext security. The public key encryption method and the key packaging mechanism designed by the invention have the characteristics and advantages of proving security, resisting quantum computer attacks, being short in public key and ciphertext length, high in calculation efficiency, flexible in parameter selection and the like. By utilizing a universal conversion method, the invention also provides (authenticated) a key exchange protocol.

A data encryption method based on a quantum shared key. The data sender generates a symmetric content encryption key Rs through a quantum random number generator; the content encryption key Rs of the sender is encrypted with the key Rc shared with the receiver to form an The key-encapsulated ciphertext C; the sender uses the content encryption key Rs to encrypt the data content to form the content ciphertext X; the sender packs the key-encapsulated ciphertext C and the content ciphertext X and sends it to the receiver, and the receiver uses the key The Rc decryption key encapsulates the ciphertext C to obtain the content encryption key Rs, and then uses Rs to decrypt the content ciphertext X to restore the data content. Compared with the prior art, the sending end of the present invention encrypts data content with a local content encryption key, encrypts the content encryption key with a key shared with the receiving end, and encrypts data with a content encryption key. Compared with using a shared key The method for directly encrypting the data content and then transmitting it does not need to encrypt the data content multiple times for the point-to-point communication, thereby improving the encryption efficiency.

Methods are described for constructing a secret key by multiple participants from multiple ciphertexts such that any quorum combination of participants can decrypt their respective ciphertexts and so generate a fixed number of key fragments that can be combined by a recipient to generate the secret key. Worked examples are described showing how the encryption keys for the ciphertexts may be key wrapped using a key encapsulation mechanism for which ciphers that are resistant to attack by a quantum computer may be used. In these cases, a post-quantum quorum system is realised. Methods are described by which the quorum key fragment ciphertexts may be updated so that the original key fragments become invalid without necessitating any change to the secret key.

A device and a network can authenticate using a subscription concealed identifier (SUCI). The device can store (i) a plaintext subscription permanent identifier (SUPI) for the device, (ii) a network static public key, and (iii) a key encapsulation mechanism (KEM) for encryption using the network static public key. The network can store (i) a device database with the SUPI, (ii) a network static private key, and (iii) the KEM for decryption using the network static private key. The device can (i) combine a random number with the SUPI as input into the KEM to generate a ciphertext as the SUCI, and (ii) transmit the ciphertext/SUCI to the network. The network can (i) decrypt the ciphertext using the KEM to read the SUPI, (iii) select a key K from the device database using the SUPI, and (iv) conduct an Authentication and Key Agreement (AKA) with the selected key K.

The invention discloses an encapsulation method of domain license cipher key, include: encrypting the content encryption key and message verification cipher key by using the domain cipher key, for acquiring a first cipher text; encapsulating the first cipher text into the domain license. The invention simultaneously discloses a communication apparatus. Adoption of the invention can realize domain licensed cipher key encapsulation process, ensures the security protection of cipher key information in the transference process, and has simple realization and strong practicability.

The invention discloses an authentication key exchange method based on a message recovery signature, and mainly solves the problems of relatively large communication traffic and relatively weak security in an original scheme. The method comprises the following implementation steps: each user generates a digital signature public and private key pair; the first user generates a secret key packagingpublic and private key pair of the first user and signs and sends the secret key packaging public and private key pair; the second user verifies the signature sent by the first user; the second user encapsulates the key and generates a hash value of the session process; the second user signs the ciphertext and the Hash value of the session process and sends the ciphertext and the Hash value to thefirst user; the first user verifies the signature sent by the second user; the first user de-packages and verifies the hash value of the session process; and both parties calculate session keys. Theauthentication key exchange protocol is constructed through the digital signature with the message reply mode and the key packaging mechanism, the communication traffic is saved, the security of the protocol is improved, and the method can be used for the Internet of Vehicles and ground-air communication.

A method and apparatus for performing a secure voice call is provided. The method includes generating an encryption key to be used in the secure voice call, encapsulating the encryption key using a pre-agreed upon master key, generating at least one dedicated frame including the encapsulated encryption key, transmitting the at least one dedicated frame in place of at least one voice frame generated by a vocoder to a counterpart User Equipment (UE), receiving an Acknowledgement (ACK) frame indicating successful reception of the encryption key from the counterpart UE, encrypting the at least one voice frame generated by the vocoder using the encryption key and transmitting the encrypted at least one voice frame to the counterpart UE, after receiving the ACK frame, and decrypting the at least one voice frame received from the counterpart UE using the encryption key, after receiving the ACK frame.

A network and a device can support a secure session with both (i) multiple post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) and (ii) forward secrecy. The network can operate (i) a first server for conducting KEM with the device and (ii) a second server for generating a digital signature which can be verified by the device with a server certificate. The first server can receive a device ephemeral public key (ePK.device) and generate (i) a server ephemeral public key (ePK.server) and private key. The first server can send, to the second server, data comprising ciphertext for the ePK.device, ePK.server and the server certificate. The second server can (i) generate the digital signature over the data, and (ii) send the digital signature to the first server. The first server can conduct a KEM with ePK.device and the ciphertext in order to encrypt at least ePK.server and the digital signature.

The present invention discloses a safe and efficient one-round tripartite key exchange method under a standard model. The method comprises a step 1 of setting a safety parameter of the multi-receiver secret key packaging input, generating a bilinear group, selecting an element from the bilinear group to generate a system parameter; a step 2 of selecting a private key of each receiver from a positive integer multiplication group according to the generated system parameter, and calculating a public key according to the selected private keys; a step 3 of each user generating a temporary public key pair and a private key pair according to the generated system parameter, and sending the temporary public key pair to other two users; a step 4 of each receiver using the own long-term and temporary private keys, and calculating a final session key according to the received temporary public key. A secret key generation algorithm of the present invention has the highest efficiency, for users, the communication security of a specific group can be guaranteed in a specific group environment, the external attack and the break of the communication activity of the specific group are prevented.

The embodiment of the invention relates to the technical field of information security, and discloses a processor for implementing a post quantum cryptography Saber algorithm, the processor is implemented by hardware and comprises a storage module for storing data and instructions, the processor uses a customized reduced instruction set, and the instructions stored in the storage module are instructions in an instruction set; the function module is used for executing operations related to the post quantum cryptography Saber algorithm, and the function module comprises the following sub-modules: a third generation secure hash algorithm SHA3 sub-module, a binary sampling sub-module, a polynomial multiplier, an encryption and decryption sub-module, a verification sub-module and a data bit width conversion sub-module; and the control module is used for controlling each sub-module in the functional module to execute corresponding operation according to the instruction stored in the storage module so as to realize at least one of key generation, key encapsulation and key de-encapsulation in the post quantum cryptography Saber algorithm. According to the embodiment of the invention, the resource overhead can be saved while high efficiency is realized.

The invention belongs to the technical field of quantum key distribution, and particularly relates to a strong authentication method and system based on a quantum symmetric key, and the method comprises the steps: obtaining a quantum key file, and carrying out the secret amplification of the quantum key file according to a poly1305 algorithm; packaging the obtained quantum key by using a key packaging algorithm and a user password; the sender performing decapsulation to obtain a quantum key and a plaintext, obtaining a message authentication code, a ciphertext and a unique value through a poly1305 algorithm, and transmitting the message authentication code, the ciphertext and the unique value to the receiver through a public network after packaging; and the receiver receiving the packagedmessage, unpacking the packaged message to obtain a ciphertext, a unique value and a received message identification code, calling a quantum key and a poly1305 algorithm to calculate to obtain a plaintext and a calculated message identification code, and comparing whether the calculated message identification code is the same as the received message identification code to identify the integrity ofthe message. Message integrity of users of two communication parties can be powerfully guaranteed, leakage of sensitive information is effectively prevented, decoding of a quantum computer is resisted, and information safety is ensured.

The invention provides a privacy-protected mobile communication authentication method, belongs to the field of communication technologies and information security technologies, and aims to enhance privacy protection in mobile communication authentication. In an initialization stage of a 5G-AKA protocol, user equipment and a mobile operator negotiate to generate a session key through a key encapsulation mechanism and store the session key; in a challenge-response stage of the 5G-AKA protocol, the mobile operator randomly selects a challenge value R, encrypts the challenge value R by adopting the session key, and generates an authentication vector according to the encrypted challenge value R'; after receiving the authentication vector, the user equipment decrypts the R' by adopting the session key to obtain a decrypted challenge value, and generates information corresponding to the execution state of an SIM card according to the decrypted challenge value; and the mobile operator selectsa corresponding processing mode according to the type of the information.

Some embodiments are directed to a cryptographic device (20). A reliable bit function may be applied to a raw shared key (k*) to obtain reliable indices, indicating coefficients of a raw shared key, and reliable bits derived from the indicated coefficients. Reconciliation data (h) may be generated for the indicated coefficients of the raw shared key. A code word may be encapsulated using the reliable bits by applying an encapsulation function, obtaining encapsulated data (c) which may be transferred.

The invention provides a data security transmission method and system for the embedded AI chip on the edge side of the unmanned aerial vehicle. The first unique identifier corresponding to the embedded AI chip is generated through the embedded AI chip, the first unique identifier is encrypted to generate the identification string, and the encrypted identification string is sent to the server. And the server side obtains the program information of the embedded AI chip, generates a second unique identifier corresponding to the embedded AI chip, and compares the second unique identifier with the first unique identifier, if the comparison result is consistent, verification is passed, and the server side generates a dynamic 3DES encryption key and a dynamic 3DES decryption key, packages the dynamic 3DES encryption key and the dynamic 3DES decryption key into a response message and returns the response message to the embedded AI chip. Therefore, the embedded AI chip can subsequently encrypt or decrypt the data interacted with the server side by using the dynamic 3DES encryption key and the dynamic 3DES decryption key, so that the data interaction security between the unmanned aerial vehicle and the server side is improved.

The invention provides a block chain authorization calculation control method. According to the block chain authorization calculation control method, on an original energy chain open permission chain node, an encrypted byte stream packaged by using a key expanded by an instruction set is obtained; the surrounded container sends the encrypted byte stream packaged by using the key expanded by the instruction set to an untrusted environment, and writes encrypted data into a disk; the key is packaged in a way that a specific central processing unit (CPU) comprises a root key and a root SealKey which are stored in a storage circuit, a remote authentication process is supported to be started, and the root key is only supported by a platform.