124 results about "Keystore" patented technology

With files secured by encryption techniques, keys are often required to gain access to the secured files. Techniques for providing and using multiple levels of keystores for securing the keys are disclosed. The keystores store keys that are needed by users in order to access secured files. The different levels of keystores offer compromises between security and flexibility/ease of use.

Key banking methods and systems for quantum key distribution (QKD) are disclosed. A method of the invention includes establishing a primary key bank that stores perfectly secure keys associated with exchanging true quantum pulses between two QKD stations Bob and Alice. The method also includes establishing a secondary key bank that stores less-than-perfectly secure keys associated with exchanging relatively strong quantum pulses between Bob and Alice. The primary keys are used for select applications such as authentication that are deemed to require the highest security, while the secondary keys are used for applications, such as encrypted bit sifting, that are deemed to require less-than-perfect security. A benefit of the two-key-bank architecture is that exchanging primary and secondary keys actually allows for an increase in the distance over which the primary keys can be securely distributed

A system for recovery of data access of a locked secure storage device can comprise a keystore module and an authorization module. The keystore module may be configured to allow access to a master file system comprising a user encryption key for data stored within the locked secure storage device based on a master code. The authorization module may be configured to receive the administrator code, authenticate the administrator code, decode the master code, and reset a lockout parameter of the locked secure storage device.

A method and system is provided for storing a plurality of client certificate credentials via a client web browser into one or more keystore file(s). The client web browser is used to establish the secure data transfer link between the client and the server. The client web browser includes a plug-in software component. The plug-in software component is configured to generate the keystore file and a key pair. The method may continue with generating a certificate request on the client. The certificate request generated is then transmitted to a certificate server. The certificate server is configured to digitally sign the certificate request generated. The method continues with the client receiving a signed certificate request. The signed certificate request is received by the client via the client web browser. The method may conclude by storing the plurality of client certificate credentials associated with the signed certificate request in one or more keystore file(s).

A data processing system stores encrypted data. Object identifiers are assigned to storage objects, and data encryption keys are assigned to the storage objects. When performing an operation upon a storage object, data encryption key failure may occur due to a corrupt or incorrect key. In this case, a copy of the data encryption key is fetched from a key server. It is possible for the association of the object identifiers with the data encryption keys to become lost or confused, so that the key server may fail to provide the correct key for a specified object identifier. Therefore, an absolute key identifier that is unique across the key server namespace also is stored in association with the object identifier in the storage system and in the key store of the key server, and the absolute key identifier is used as a failsafe for recovery of encrypted data.

A security-wrapped app that is locked and inaccessible is unlocked and recovered using a secure and user-friendly protocol. Apps that are security wrapped are passphrase protected. The app security keystore on the device becomes locked. The keystore is encrypted with a recovery key which is only in an encrypted form on the device and cannot be decrypted or otherwise accessed by the user. As such, the user cannot unlock the keystore on the device and therefore is not able to unlock the app. The app can be unlocked using a recovery mechanism that is highly secure in all communications between the mobile device and the service provider server. At the same time the recovery mechanism is easy for the end user to carry out.

The present invention provides systems and methods for allowing an Email User to create a Public Key Infrastructure (PKI) Email Account and thereafter to digitally sign, send, verify and receive PKI encrypted emails over a computer network, such as the Internet. The systems and methods preferably include a Web-based Email System and a Certificate Authority that coordinate their actions to make the process of creating, maintaining and using the PKI Account as easy as possible for the Email User. In a preferred embodiment, a Keystore System may also be used to enhance the management and use of digital keypairs.

A method, system and program in which a certificate identifier (ID) is associated with an encryption certificate. In certain embodiments, the certificate ID is stored in a cartridge memory (CM). Thus, keystore or key manager administrators can trace keystore locations, versions of keystores, etc. when a cart cannot locate a correct key. This certificate ID, as it is stored on the cartridge memory, is viewable by all.

The invention discloses an encryption and decryption method capable of automatically retrieving keys and selecting algorithms, which comprises the following steps: generating a keystore used by a cryptographic object; extracting the data characteristic of an encrypted object, thereby obtaining the processed data first byte; according to the extracted data characteristic, automatically retrieving the keystore; according to the data feature, selecting an encryption algorithm; according to different encryption scenes, carrying out user-defining on an additional expansion scheme; and performing an encryption and decryption algorithm on the encrypted object. Based on the existing encryption algorithm, the keystore is used for replacing the traditional single key, so that the safety of key management is enhanced, the key is selected according to the data characteristic, an appropriate encryption algorithm is selected to play the best encryption performance, and the additional expansion scheme can be supported to meet the specific encryption scene, therefore, the method has very high practicality and adaptability, and has very wide application scenarios.

The invention discloses an authentication method for network signaling between quantum safety network equipment. The authentication method includes the following steps: creating synchronous signaling key stores used for signaling authentication for both sides between the communicated network equipment, wherein the synchronous signaling key stores are divided into an encrypting signaling key store and a decrypting signaling key store, and setting a read indicator and a write indicator for each signaling key store; a sending end calculating related hash operation message authentication codes H of keys based on key data and a read indicator offset address of the encrypting signaling key store of the sending end, and sending a corresponding signaling data packet to a receiving end; the receiving end receiving the signaling data packet, acquiring a read indicator offset address in the signaling data packet, and judging whether the key data of the read indicator offset address of the decrypting signaling key store of the receiving end is already used or not; and if the key data is not used, calculating H and verifying the content of the signaling data packet. The authentication method for the network signaling between the quantum safety network equipment has the advantages that the authentication is fast, and the method has a certain preventive effect on distributed denial of service (DDoS) attacks, can achieve true one-time-one-key encrypting authentication and is absolutely safe theoretically.

A device or “dongle” (32) is provided for coupling to a Windows-based PC (23). The dongle (32) includes a subscriber identity module (SIM) (15), such as the type used in GSM or UMTS cellular or mobile telecommunications networks. A search engine (40) is accessed by the PC (23) by means of a client application (38) on the PC. The search engine (40) generates a list of search results in response to search criteria in a known manner. Further, the search engine is able to return search results relating to data for which there is restricted access (for example, encrypted data). Such data is identified with a tag which may, for example indicated which users or entities are able to access that data. A user's dongle (32) authenticates that user with the network (3) using a authentication arrangement similar to that employed for authenticating users of a GSM or UMTS mobile telecommunications network. The authenticated identity of the user is communicated to the search engine. The search engine then includes in the search results tagged data items for which the tag indicates that the authenticated user has permission to view. Tagged data items that the authenticated user does not have permission to view are not returned in the search results. Therefore, the user not entitled to view data is not distracted by search results corresponding to data that the user is unable to access. The network (3) may include a key store (51) which stores keys that allow encrypted data items identified by the search engine (40) to be decrypted.

The KDMC carries out key-encrypting key base on-line replacement to related cryptces uniformly in the full-duplex secure communication system based on cryptoes. Based on the traditional way of key-encrypting key base replacement, the base buffer storage and MK handshaking switching technology are applied and improved to realize seamless key-encrypting key replacement of normal data secure communications among cryptoes continuously.

The present invention provides systems and methods for allowing an Email User to create a Public Key Infrastructure (PKI) Email Account and thereafter to digitally sign, send, verify and receive PKI encrypted emails over a computer network, such as the Internet. The systems and methods preferably include a Web-based Email System and a Certificate Authority that coordinate their actions to make the process of creating, maintaining and using the PKI Account as easy as possible for the Email User. In a preferred embodiment, a Keystore System may also be used to enhance the management and use of digital keypairs.

The present invention provides a service and supporting technology for backing up and restoring or replacing OEM vehicle keys. The system works by storing a copy of the data from an OEM key along with other information necessary to replace the OEM key in a key bank. The data collected is processed and stored such that a customer can order a universal replacement from the key bank programmed with the stored data to emulate the prior paired OEM key. No further pairing or programming is required by the customer.

The invention provides an algorithm and key library generation and updating method, and belongs to the technique of computer network communication and the field of information security. The method comprises the steps of generating an algorithm and key library through configuration of a safe management system, wherein the algorithm and key library is composed of an algorithm serial number, an algorithm, a key serial number, a key and a strategy identifier; calculating an increment factor according to the algorithm and key library and the initial version of the algorithm and key library, and issuing the increment factor to an encryption/decryption server; and generating the new version of the algorithm and key library by the encryption/decryption server through PCode operation according to the increment factor and the initial version of the algorithm and key library. The initial version of the algorithm and key library provided by the method is encrypted and then is stored in a database, the security is high and the storage quantity is high. According to the method, the increment factor can be generated randomly; the algorithm and key library can be updated flexibly; the algorithm and key library is safe and reliable; even if a key is intercepted by an attacker; data information contents will not be leaked; the cracking difficulty is increased; the security of data information transmission and user privacy is improved; and the method is high in popularization and implementation value.