79 results about "Key establishment" patented technology

Two approaches are provided for distributing trust among a set of certificate authorities. Both approaches are equally secure. In each approach, a secure data parser is integrated with any suitable encryption technology. Each approach may be used to secure data in motion. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

A method and system for pre-authenticating a pre-establishing key management on a roaming device prior to reassociation to facilitate fast hand-off in a wireless network is described. For enhanced mobility, both authentication and key establishment is performed prior to reassociation of the roaming device between access points. When the roaming device enters in contact with one of the access points, a local authentication is performed between the access point and the roaming device prior to reassociation with the access point to allow for fast hand-offs of the device between access points within the network.

One embodiment of the present invention provides a system for establishing a shared cryptographic key between participating nodes in a network. The system operates by sending a first message from the first node to the second node requesting establishment of a shared key. The second node sends a second message containing identifiers and a message authentication code to a key distribution center (KDC). The authentication code is generated using a second node key belonging to the second node. The KDC recreates the previously created second node key using the second node identifier and a secret key known only to the key distribution center. The KDC then verifies the message authentication code using the second node key. If the message authentication code is verified, the KDC creates a shared key for the nodes to use while communicating with each other. The KDC securely communicates this shared key to the participating nodes

A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.

A split knowledge protocol adapted to establish an initial key for use in authenticating a first computer to a second computer. The second computer initiates the split knowledge protocol by generating a bit sequence and splitting the sequence into a predetermined number of segments. The second computer then encrypts each segment with a predetermined key associated with each segment before transmitting each encrypted segment to the first computer. In response, the first computer decrypts each encrypted segment using the associated key. The first computer then recovers the bit sequence from the decrypted segments. Accordingly, the first and second computers have knowledge of (i.e., access to) the same bit sequence, which may thus be used as the initial key.

A system for allowing two or more wireless devices to form a secure relationship despite any other device that may be attempting to intercept information exchanged between the devices. The process may be performed automatically by the devices, yielding security information that may be used to authenticate information believed to have been sent from a known device. The security information may include at least an encryption key utilized to identify previously encountered known devices and for securing communication with these devices. The security key may be computed by analyzing the transmission and receipt of advertising messages, or by analyzing the contents of pseudorandom information contained in advertising message payloads.

The present invention relates to a method whereby the mobile station and a visitor location register create and share a ciphering key and an integrity key in order to directly authenticate each other. The communication method in a mobile communication system such as this includes registering the mobile station with the home location register; and having the mobile station and the visitor location register directly authenticate each other and mutually share a ciphering key and an integrity when the mobile station moves to the visitor location register.

The invention relates to a smart community home gateway-based safety payment method. The smart community home gateway-based safety payment method comprises the following steps: a, wirelessly connecting a home gateway with a terminal through a Zigbee mode and establishing a safety payment center in the home gateway; b, submitting a financial payment enabling request by the terminal and prompting the terminal to input a payment admission password by the home gateway; c, establishing a payment key by the safety payment center by using an SKKE (Symmetric-key Key Establishment) protocol; d, encrypting an MAC (Media Access Control) address of the home gateway by the safety payment center by using a binding key and transmitting to a bank server together with corresponding financial payment account and password; and e, checking the transmitted financial payment account, the password, the decrypted MAC address and the MAC address extracted in the transmitted information by the bank server, and performing payment operation when the financial payment account, the password, the decrypted MAC address and the MAC address extracted in the transmitted information are correspondingly consistent. The smart community home gateway-based safety payment method is convenient in payment operation, and the safety and the reliability of payment are improved.

A method and apparatus for deriving an encryption key for use between two stations in a wireless network using information intrinsic to one of the stations, without exchanging pairwise transient keys.

A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps of: 1) keys pre-distribution: before deploying the network, communication keys for establishing security connection between nodes are pre-distributed to all of nodes by a deployment server. 2) Keys establishment: after deploying the network, a pair key for the security connection is established between nodes, which includes the following steps of: 2.1) establishment of shared keys: the pair key is established between neighbor nodes in which the shared keys are existed; 2.2) path keys establishment: the pair key is established between the nodes in which there is no shared keys but there is a multi-hop security connection. 3) Node identity (ID) authentication: before formally communicating between nodes, the identity is authenticated so as to determine the legality and the validity of the identity of the other. It is possible for effectively resisting attacks such as wiretapping, tampering, and replaying and the like for the network communication, realizing the secret communication between the nodes, effectively saving resources of the nodes of the sensor network, and prolonging the service lift of the sensor network in the method.

The invention provides a method and a device for one-key establishment of communication connection between Bluetooth devices. The method is realized by installing an application program in a smart phone and comprises the steps of obtaining Bluetooth authority and opening a Bluetooth function of the smart phone to enable that the smart phone can be searched by surrounding Bluetooth devices; controlling a Bluetooth adapter to search all the surrounding Bluetooth devices; judging whether a bound Bluetooth device exists; if the bound Bluetooth device exists uniquely, automatically connecting the Bluetooth device; otherwise, displaying the names of the multiple bound Bluetooth devices in a screen and automatically connecting the Bluetooth device which is selected by a user based on the selection of the user; and if no bound Bluetooth device exists, displaying the names of the searched Bluetooth devices in the screen one by one and then automatically connecting the Bluetooth device which is selected by the user based on the selection of the user. According to the method and the device for one-key establishment of communication connection between the Bluetooth devices, communication connection between two Bluetooth devices can be established automatically through one key, and the user can connect the smart phones by using the Bluetooth devices conveniently.

Method for distributing a group session cryptographic key includes initiating at least one pairwise key distribution session including a root node (100) and at least one communication node (101-107). The method further includes performing at a communication node which has received the group session cryptographic key a propagated pairwise key distribution session with at least one of the communication nodes which has not previously received said group session cryptographic key. The propagated pairwise key distribution sessions are performed at each of the communication nodes which subsequently receives the group session cryptographic key until the group session cryptographic key has been securely provided to all authorized communication nodes.

A system and method for signing a message and establishing a symmetric key between two entities. A plurality of leaves are generated, each including public and private values of a Lamport signature; a plurality of trees are generated each including a subgroup of leaves; leaves of a first nested tree are used for signing messages sent to a second entity. If a first nested tree is exhausted, then a leaf of a following tree is used for signing and a root of the following tree together with an auxiliary value are published, the auxiliary value enabling the second entity to verify that the root of the following tree was generated by the first entity. The symmetric key is generated using a modified Merkel puzzle including a plurality of rows, each including a plurality of hashed values. The modified Merkel puzzle may be signed using a leave of a nested tree.

A framework, device and method are disclosed for providing broadcast communication security over Ethernet within an automation system, wherein a security plug provides secure working of the automation system. The security plug can be implemented using ASIC/FPGA technology to provide compatibility with existing systems and an intuitive plug-and-play model. An exemplary system can address jitter-sensitivity by providing a real-time architecture, with minimal transmission latencies. The security plug can have separate security and communication modules that make provisions for protocol independent working of the security plug, within these networks. The method can include bootstrapping, secret key establishment and secure communication, for providing real-time guarantees.

The invention discloses a method for protecting the security of digital signature documents of multiple verifiers strongly designated by multiple signers. The method is implemented according to the following steps: step 1, system parameter generation: selecting a cyclic group the order of which is prime number and a one-way Hash function of cryptography; step 2, user secret key establishment: selecting private keys for the multiple signers secretly, distributing by a secret channel, generating public keys for each signer ,selecting private keys for multiple designated verifier secretly and distributing the private keys by a secret channel; step 3, signature process: calculating digital signatures of strongly designated verifiers on information m through operation by the multiple signers; step 4, verifying process: verifying whether the equation is valid by digit operation; if so, the verification is successful; if not, the verification fails. The method of the invention has highly operation efficiency and can provide security protection of completeness, authenticity and non-repudiation of the electronic documents in storage process or transmission process.

The invention relates to a matrix type key management method for LoRaWAN, and belongs to the field of the wireless wide area network. The method comprises the following steps: generating a symmetrix matrix of the key computation by using a random number seed pool R and a line limit number M, and accomplishing the negotiation in the key establishment with the help of the existing AppEUI, AppNonce and DevNonce in the LoRa access interaction message; generating the auxiliary material required by the individual key by using the specific message content of the LoRa and the character thereof; computing by using the matrix type matrix to obtain the AppSKey and NwkSKey required by the LoRa; and realizing the key update based on the WOR function by using the specific CAD mode of the LoRa radio frequency chip. Through the method disclosed by the invention, the conflict between the improved Blom key management key and the LoRa protocol is solved, and the security of the LoRa network has a certainimprovement.

The invention discloses a shared secret key establishment method between wireless equipment based on receiving signal intensity. The method comprises the steps that 1) a security isolation environment is created for two sets of wireless equipment; 2) initiation equipment transmits multiple authentication requests to response equipment according to the set transmitting power and the set time interval; 3) the response equipment calculates the standard deviation of the receiving signal intensity; and if the standard deviation of the receiving signal intensity is less than a threshold value, an authentication passing message is replied to the initiation equipment, or authentication is not passed; 4) the initiation equipment generates a secret key K of which length is m bits, and then transmits m data packets to the response equipment; 5) the response equipment records the signal receiving intensity of the m data packets and recovers a secret key K' of which length is m bits according to m receiving signal intensity, and then replies a message encrypted by the secret key K'; and 6) the initiation equipment performs decryption by using the secret key K, and replies an authentication success message if decryption is successful so that secret key sharing is completed. Communication security is greatly enhanced by the shared secret key establishment method between the wireless equipment based on the receiving signal intensity.