34 results about "Key revocation" patented technology

A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. In a one embodiment, the sender [100] computes an identity-based encryption key from an identifier ID associated with the receiver [110]. The identifier ID may include various types of information such as the receiver's e-mail address, a receiver credential, a message identifier, or a date. The sender uses a bilinear map and the encryption key to compute a secret message key g_ID^r, which is then used to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110] together with an element rP. An identity-based decryption key d_ID is computed by a private key generator [120] based on the ID associated with the receiver and a secret master key s. After obtaining the private decryption key from the key generator [120], the receiver [110] uses it together with the element rP and the bilinear map to compute the secret message key g_ID^r, which is then used to decrypt V and recover the original message M. According to one embodiment, the bilinear map is based on a Weil pairing or a Tate pairing defined on a subgroup of an elliptic curve. Also described are several applications of the techniques, including key revocation, credential management, and return receipt notification.

A method and apparatus is presented for revoking cryptographic keys within a distributed ledger system in which no central trusted authority is available, consisting of sending a key revocation message by a network connected device to other network connected devices over a peer-to-peer network for inclusion in a ledger. In one embodiment the revocation message is signed using a private key of a public/private key pair to be revoked. In another embodiment an authorization for future revocation of the public/private key pair by a plurality of other public/private keys is sent for inclusion in the ledger, and subsequently the key revocation message is signed with one of the private keys of the plurality of public/private key pairs before sending the key revocation message. Once a valid key revocation message is included in the ledger, any future request to include a message signed by the revoked cryptographic key is rejected.

A method for managing wireless multi-hop network key is applicable to a security application protocol when a WAPI frame method (TePA, an access control method based on the ternary peer-to-peer identification) is applied in a concrete network containing a Wireless Local Area Network, a Wireless Metropolitan Area Network AN and a Wireless Personal Area Network. The key management method of the present invention includes the steps of key generation, key distribution, key storage, key modification and key revocation. The present invention solves the technical problems that the prior pre-share-key based key management method is not suitable for larger networks and the PKI-based key management method is not suitable for wireless multi-hop networks; the public-key system and the ternary structure are adopted, thereby the security and the performance of the wireless multi-hop networks are improved.

The invention discloses an attribute encryption method based on multi-linear mapping and achieving a strategy of secret key revocation in an authority separating way, which is provided for single attribute revocation of a user. The user can finish a decryption process only when a cryptograph attribute set satisfies the secret key strategy of the user. Specifically, an authority center makes subordinate authorities. Each subordinate authority commands a main secret key of its own and participates in a public parameter establishing process. An assess strategy is converted into an access structure according to a linear secret sharing algorithm. User private keys under corresponding access structures are generated. According to the attribute set and a known revocation list, information encryption is performed. Whether the user is in the revocation list is further judged. A decryption process is finished. In consideration of known private keys and users, a tracking algorithm is established to judge the relevance of users and private keys. By means of the method provided in the invention, the problem that all attributes of non-users are canceled during a single user attribute revocation process is solved. The relevance of users and private keys is verified. The scheme operation efficiency and the overall safety can be improved. The scheme is enabled to resist quantum attacks.

An apparatus for providing key management for a mobile authentication architecture may include a processor. The processor may be configured to provide a request for key revocation over an interface otherwise defined for sharing key acquisition information between a bootstrapping server function and a network application function, and cancel key information associated with the request for key revocation.

The invention discloses an information service entity identity management system and a quick identity revocation method, which can solve the problem of instant revocation of an entity identity. A keyrevocation module is added in an identity management system, and the key revocation module includes a security arbitration unit, which can quickly revoke the identity of an information service entitywhen services of the information service entity are invalid or illegal. The implementation of the quick revocation method includes the following steps that: system initialization is performed, and keygeneration and segmentation of the information service entity is performed; and the information service entity and the security arbitration unit cooperate with part of private keys to implement the signature of a message, and a verification server verifies the signature of the message to achieve the unified management and authentication of a network space information service entity identity. According to the scheme of the invention, the invalid or illegal identity can be quickly revoked, the computational security is based on the difficulty of solving discrete logarithms on elliptic curves, the characteristic of quick revocation can be realized, high security can also be achieved, and the scheme is suitable for network environments with high security requirements.

A copyright protection system is provided that keeps manufacturing costs down regardless of the total number of playback apparatuses belonging to the system. In this system, a device key generating unit of a key management apparatus performs a modular exponentiation operation on a random number with an inverse element of a product of predetermined prime numbers, so as to generate and distribute device keys to playback apparatuses in one-to-one correspondence. A key revocation data generating unit generates, as key revocation data, information identifying the prime numbers used by an unrevoked playback apparatus to generate a decryption key from its device key and distributes the key revocation data along with an encrypted content to each playback apparatus. Playback apparatuses each attempt to generate a description key based on the key revocation data, and only those playback apparatuses that have successfully generated a decryption key are able to decrypt the encrypted content.

The invention discloses a key revocation method for a key management tree in a cloud database. The method comprises the steps of correspondingly generating a key revocation management tree for an existing key management tree structure of the cloud database while the tree structure is generated; recording the revocation state of each key management tree node of the cloud database; and when a user carries out revocation operation, updating corresponding key revocation management tree state, and thus completing the revocation process. The problems of increased storage expense and management difficulty and a lot of computation expense in a re-encryption process due to the fact that the key storage expense is increased along with an increase of the revocation times when key revocation is carried out on the key management tree in an existing cloud database are solved.

The embodiment of the invention relates to a secret key updating method and device, a multi-attribute authority management system, equipment and a medium, wherein the method applied to a target attribute authority server comprises the steps of generating a new random secret key for a target attribute carried in an attribute authority revocation message when the attribute authority revocation message is received, and replacing the original random key of the target attribute; based on the new random key, the original random key and the identity information of the target user, obtaining current key update messages corresponding to attribute authority servers in the multi-attribute authority management system; and broadcasting the obtained current secret key updating message, wherein the current secret key updating message is used for indicating other user terminals in the multi-attribute authority management system to update the decryption private keys of the target attributes stored by the other user terminals respectively. According to the mode, the calculation overhead required by key revocation can be effectively reduced, and the security and reliability of key revocation can be fully guaranteed.

A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

The invention provides a digital key authorization issuing and withdrawing method and system, and the method comprises the following steps: S1, a key management platform carries out the operation of adding or deleting a key, a white list is locally updated after the operation succeeds, and the data in the white list is a set of key serial numbers; S2, other equipment synchronizes the updated white list to the vehicle end; S3, the vehicle end checks the validity of the white list and stores the white list, whether the serial number corresponding to the key is in the white list or not is checked through security authentication, and if the serial number does not exist in the white list, it is judged that the key is illegal. According to the method and system, a data list capable of identifying corresponding key information is maintained, and the list of the data corresponding to the key information effectively supports key revocation operation; issuing and withdrawing operations of the digital key are effectively supported; and on the premise that the number of available keys is always limited, the reliability of the operation of recording the key state is kept by the vehicle end.

The invention discloses a novel message signature method for a sparse movable Ad Hoc network, which can be used for the message signature authentication of the sparse Ad Hoc network, and belongs to the technical field of wireless communication networks. The method comprises the following steps of: establishing a system, generating a private key, executing a signature algorithm and executing a verification algorithm. In the method, the need of a signing and authenticating third party is obviated by adopting an identity-based cryptosystem; key revocation is performed by using key survival time; a node private value is added in the process of generating the private key to solve the problem of key escrow; the harm to the network due to key revealing is limited by using a message signature survival time threshold value; and the signature by elliptic curve bilinear pair reduces key length, calculated amount, signature length, storage space and the bandwidth of a communication link.

The invention provides a general identifier representation method for identifier password updating and revocation. The method comprises the following identification forms: identifier password identifier = body identifier + aging identifier + version number, time efficiency identifier = time slice level + time slice serial number, wherein the identifier password identifier is composed of the body identifier, the time efficiency identifier and the version number; the time efficiency identifier consists of the time slice level and the time slice serial number, and the time efficiency is used forperiodically updating the identifier; the version number is used for revoking the identifier in the validity period, and the version number is accumulated from 0 to top; the time efficiency identifieradopts a form of an effective time slice grade and an effective time slice serial number, along with the improvement of the time slice level, the time length represented by the time slice is increased exponentially, and the time slices of all levels adopt the same starting time. According to the relation between secret key updating and secret key revocation in the identification password system,the characteristics of the layered identifier password system are combined, and secret key revocation comprises two parts of revocation when a secret key expires and active application revocation before the secret key expires.

Embodiments of the invention provide methods for key fob to control unit verification, retention, and revocation. After an initial pairing between a key fob and a control unit, the devices share a secret operation key (OpKey). For verification, the key fob sends the 8 lowest-order bits of a 128-bit counter and some bits of an AES-128, OpKey encrypted value of the counter to the control unit. For key revocation and retention, the control unit is prompted to enter an OpKey retention and revocation mode. Subsequently, each of the remaining or new key fobs is prompted by the user to send a verification message to the control unit. When the control unit is prompted to exit the OpKey retention and revocation mode, it retains the OpKeys of only the key fobs that sent a valid verification message immediately before entering and exiting the OpKey retention and revocation mode.

The invention relates to a power data privacy protection system, an implementation method thereof and an encryption attribute revocation method. The power data privacy protection system comprises six entities: an attribute authorization center, a power data owner, a power data user, a cloud storage server, a proxy decryption server and a user verification center, and the six entities communicate with one another through the Internet; an attribute encryption technology is introduced, a private key revocation scheme is given, the fine-grained decryption permission of a user is realized through an attribute-based encryption mode, whether the user has the decryption permission or not is judged through user attributes, and the privacy of the electricity user is protected. The method is used for protecting user privacy data and preventing malicious access.

The invention provides an interference and loss stopping delegation and position holding strong binding method and system. The method comprises the steps of: carrying out first order detection for theorder elements of a delegation order, continuing to submit the delegation order if the delegation order passes detection, otherwise, carrying out the operation guidance of one-key order withdrawal; triggering a one-key revocation function key by sending out a prompt message, immediately revoking position binding of the delegation order after one-key revocation is triggered, and meanwhile, sendingout a new delegation order and setting position binding; and determining the transaction of the delegation order, performing second order detection on the delegation order, if the position binding ofthe delegation order does not belong to the strong binding relationship, prompting to add interference and loss stopping settings, and otherwise, stopping the transaction if the delegation order doesnot pass detection. Synchronous one-key operation is realized for operations such as client delegation and unbinding by adopting an informatization means, so that misoperation of a client is avoidedto a great extent.

The invention belongs to the technical field of data transmission security, and particularly relates to a secret key management system based on random secret key distribution in a mobile Ad Hoc network. The secret key management system based on random secret key distribution in the mobile Ad Hoc network comprises a secret key pool, a secret key distribution/updating module, a secret key index library, a secret key revocation module, a communication secret key generation module, a malicious node library and a plurality of network nodes. The secret key pool is connected with the secret key distribution/updating module, the secret key distribution/updating module is connected with the secret key index database, the secret key revocation module and the malicious node database, the secret key index database is connected with each network node, the secret key revocation module is connected with the malicious node database, and the malicious node database is connected with each network node. And the communication key generation module is connected with each network node.