354 results about "Multiple encryption" patented technology

An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers. Internal data and key buffers enable the device to re-key encrypted data without exposing data. The key management functions allow the device to function as a cryptographic domain bridge in a federated security architecture.

A selective encryption method and apparatus consistent with the invention duplicates selected packets in a file or data stream and multiple encrypts the packets using multiple encryption keys. Each encryption key is valid for a specific segment of time so that changes in entitlement keys used for decryption can be made without negatively impacting a customer's ability to access content that has been paid for.

The present invention allows the user (author or creator) of a document to specify that certain portions of a document be selected for encryption while other portions of the document remain displayed as created. In addition, each encrypted section could have multiple encryption keys such that some viewers can review certain parts of the document while other viewers will not have that same access. The user could employ a standard word processing editor technique to highlight (or swipe) portions of a document that the user desires to be encrypted. The highlighted portion would then be ‘tagged’ with a surrounding attribute indicating to the word processor that this highlighted portion of the document is to be encrypted. The highlighted sections would also have encryption keys associated with the highlighted and encrypted section. Any one of the encryption keys for that section would decrypt that section. With proper authorization, any encrypted portion of a document would be displayed as part of the document. Without proper authorization, the display of the document would only contain the unencrypted portions of the document.

A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.

The invention provides a network identity authentication method based on the biological characteristic authentication of a third party on the Internet. The biological characteristics (fingerprint, human face, iris, lip membrane and so on) are used as the identity identification of the user, the user can obtain an authentication request from the third party by submitting the biological characteristic codes through a client terminal widget provided by the third party, the identity authentication is carried out through the request password process and the matching algorithm, the Internet identity authentication can be carried out through a fully cooperative website or an application program provided by a cooperative network in a self-help mode, the third party provides request interfaces containing the registration, verification, reset of the biological characteristics, binding information,etc., the third party needs not to know the name of the user in the cooperative website or the application program provided by the cooperative network, thus avoiding to obtain the other information of the user in the cooperative website or the application program provided by the cooperative network, the reliability at the service terminal and the communication safety among the three parties can be guaranteed through the complete active service request of the cooperative website or the application program provided by the cooperative network, the Cookie, SSL, multi-encryption, digital signature of the widget, user-defined words or pictures,etc.

A method begins by a processing module identifying an encoded data slice to be rebuilt, selecting a decode threshold number of dispersed storage (DS) units of a storage set of DS units, generating a decode threshold number of key pairs, wherein a key pair of the decode threshold number of key pairs corresponds to a DS unit of the decode threshold number of DS units, and sending partial rebuilding requests to the decode threshold number of DS units, wherein a partial rebuilding request of the partial rebuilding requests includes the key pair. The method continues with the processing module receiving encrypted partial encoded data slices, wherein an encrypted partial encoded data slice received from the corresponding DS unit includes a multiple encryption, using the key pair, of a partial encoded data slice and decoding the encrypted partial encoded data slices to rebuild the encoded data slice.

A dynamic computer communication security encryption method or system using an initial seed key and multiple random number generators of a specific design, whereby a sequence of independent random entropy values is produced by one set of random number generators and encrypted along with the message stream using the initial seed key, or the output of a second set of random number generators initialized with the initial seed key, and following the subsequent transmission of the variable encrypted entropy/message block, the entropy values are used to symmetrically or identically augment or increase the current uncertainty or entropy of the cryptosystem at both the sender and the receiver, prior to the next encryption block operation. The encryption process effectively entailing the use of multiple encryption ciphers, and the entropy augmentation process entailing the encryption or application of various logical mathematical operations on the already dynamic but deterministic internal state values of the second set of random number generators, effectively altering their deterministic outputs in a random probabilistic manner.

Random length message value sequences from one or more data sources is combined with one or more random length entropy value sequences from an independent source, following which the entropy “updates” may also be used to alter, or change any cryptosystem variable, value or component in a randomly determined manner. In addition, whilst ensuring synchronization, the random entropy sequences also serve to “pollute” the cipher-stream and thereby hinder most current forms of cryptanalysis, whilst simultaneously injecting additional entropy into the cryptographic system and allowing for its propagation to affect any connected system nodes, and thereby introducing unpredictable entropy into the system pseudorandom number generator outputs, and thereby ensuring the perpetual generation of unpredictable random numbers.

Super-encryption mechanics are independent of the user data, simple, fast and efficient, and can incorporate compression, error correction and asymmetric encryption authentication routines. But most importantly, super-encryption ensures resistance to brute force attacks (not possible to verify if a message was even sent), an ability to exceed “perfect secrecy” requirements, and an improvement on previous super-encipherment design, since overhead can be dramatically reduced from 100% overhead.

Communication links previously established by system nodes with central authorities may be used for secure node authentication and registration, whilst allowing the central authority to broker and synchronize communication channels and providing mutual authentication and other security functions between the system nodes.

The invention discloses a blockchain-based supply chain financial anti-counterfeiting traceability method. The method utilizes the advantages of blockchain decentralization, no need for a third-partytrust system, multiple encryption algorithms and the like, the method is achieved through smart contracts in supply chain finance, and the defect of a traditional anti-counterfeiting traceability method can be better solved. By using the characteristic that a blockchain cannot be distorted, all of the content of the contracts including the state of goods can be clearly found, and the defects thatthe traditional anti-counterfeiting traceability method needs to be transferred by a paper certificate, a third-party guarantee or certification institution is needed, the fundraising difficulty of small and medium size enterprises is large, cheating and fraud might exist and the like are solved. Contractual agreement, logistics supervision and financial evaluation between buyers and sellers are achieved through the smart contracts, paper contracts are not needed because all of the contracts are finished in a system, complicated procedures are reduced, and the process is accelerated.

The invention discloses a mobile phone door lock system based on an asymmetric secret key and a realization method thereof, and belongs to a mobile phone door lock. The system comprises an intelligent mobile phone, a door lock and a server; data transmission among the intelligent mobile phone, the door lock and the server is carried by network; the server is used for storing a mobile phone identification number blacklist, and encrypting door opening permission serial data after the verification is valid and sending the serial data to the mobile phone; the intelligent mobile phone is used for sending the door opening permission serial data of the mobile phone to the door lock, and the door opening authority serial data at least comprises a door lock ID, a mobile phone identification number, etc.; the encrypted permission serial data and black list verification and multiple encryption and decryption verifications are carried out between the mobile phone, the door lock and the server, thereby solving the technology problem that the prior mobile phone door lock product cannot withstand replay attack and the invalid unlocking risk is high, providing a complete permission distribution, authentication and cancel process, greatly improving safety performance of the mobile phone door lock product, and promoting the development of the mobile phone door lock industry.

The invention relates to the anti-counterfeiting printing technical field, in particular to a multi-encryption and anti-counterfeiting printing method for a two-dimensional code which is applicable to the two-dimensional code and has encryption requirements on the information of the two-dimensional code, and the multi-encryption and anti-counterfeiting printing method is carried out according to the following steps: (1) original data of the two-dimensional code to be encrypted is input to an encryption system; (2) the encryption system takes out one or a plurality of bits from the original data of the two-dimensional code to carry out a first encryption algorithm calculation, thus obtaining a group of random check codes; (3) the group of random check codes are arranged in the original data of the two-dimensional code, thus generating a group of data containing the random check codes; (4) the obtained data containing the random check codes is carried out a second encryption algorithm calculation, thus generating the dual-encryption data; (5) the obtained dual-encryption data is utilized for generating the dual-encryption two-dimensional code; (6) the dual-encryption two-dimensional code is transmitted to a digital printing system for printing. The method can effectively prevent others from utilizing the existing two-dimensional code reading device to decode the encrypted content, thus obtaining the information in the two-dimensional code and having good confidentiality.

An apparatus and a method are provided for selectively accessing digital content carried on a distribution medium such as a physical medium or a broadcast medium. In one embodiment, a plurality of digital content items are encrypted under a plurality of different key management blocks, wherein each key management block is associated with a different set of device keys. The plurality of content items may be provided together on a single distribution medium to devices having assigned device keys, so that devices may selectively access content as determined by the different key management block used to encrypt the various content items and by the device keys assigned to the devices. Depending on the association between the device key and the key management blocks, the decoding device may decode all of the content items, some of the content items, or none of the content items. To provide greater security, each content item may be multiple encrypted using multiple key management blocks per content item.

The invention relates to a digital image encryption method based on chaotic orbit perturbation and relates to the field of encryption systems. The method comprises the following steps of: scrambling a plaintext image by adopting a generalized discrete Baker mapping-based method; diffusing the scrambled image by adopting a Logistic mapping-based method, and changing the pixel value of each point in the image; and performing multiple encryption according to the requirement on encryption strength. According to the method, a key flow is related to a key and a plaintext by introducing a chaotic orbit perturbation mechanism related to the plaintext, so that the diffusing effects of an encryption system are effectively improved, and the known plaintext resistance is obviously improved. Certain pixel value is changed in the diffusion process depending on the cumulative effect of all the encrypted pixel values before the pixel, so that the tiny change of one pixel value can be effectively diffused to all the subsequent pixels in the image. The method has short encryption time.

A conditional access overlay system utilizing partial encryption without requiring additional program identifiers. The conditional access overlay system generates duplicate critical packets for separate encryption that are sent using the same packet identifier. The rest of the content stream is sent in the clear. However, these duplicated packets are sent without incrementing a continuity counter relative to one another. The overlay packets with non-incremented continuity counter are sent as the second packet immediately following the original critical packet. At the receivers, the incumbent set-top will use the first of the two encrypted packets while the overlay set-top is programmed to use the second of the two encrypted packets. Therefore, methods for verifying alignment of associated packets may be used to distinguish between multiple encryption methods in conditional access overlay systems.

The invention provides a virtual encryption card based on multiple encryption cards, which comprises a plurality of encryption cards, a load balancing module, a monitoring module, a management module, a redundancy module and a work scheduling module. The invention simplifies the management of the virtual encryption cards, and can concurrently process the concurrent requests among the encryption cards, thereby greatly enhancing the processing capacity; in the aspect of load balancing, the invention realizes load balanced allocation among the cards for each request; by using the multiple card redundancy, the request can switch among multiple cards in a seamless way, thereby greatly enhancing the availability and usability; and in the aspect of multiple card scheduling, the invention completely differs from the traditional request and card binding relation, realizes the independence of requests from cards, reduces the coupling property between requests and cards, greatly enhances the reliability of the encryption card, and can not influence the processing of the application requests due to the abnormity of a certain encryption card.

The invention provides a multimedia broadcasting multiple encryption and decryption method and an apparatus for improving the safety of a mobile multimedia broadcasting system. The encryption method comprises: performing a first order scrambling to a coded program stream and/or data pack, performing a first order encryption and second a order encryption to a used cipher key when scrambling, wherein the first scrambling employs the program stream and/or data pack as objects, the first encryption is to encrypt the cipher key during the first scrambling and to obtain a first entitlement control message (ECM1) and a first entitlement management message (EMM1), the second order encryption comprises twice encryption, the first encryption employs a second cipher key to encrypt the obtained ECM1 and the EMM1 after the last order encryption, the second encryption is to encrypt the second cipher key; encapsulating the encryption of the scrambled program stream and/or data pack and the obtained results after the second encryption to service integration frames, allocating a control information table and encapsulating the table to a control integration frame; modulating the encapsulated integration frame to an electromagnetic wave on a physical channel and transmitting the electromagnetic wave to the air.

The invention discloses an order-preserving method for encrypting and decrypting messages by multiple encryption and decryption chips in parallel. The order-preserving method comprises the following steps of: S1, setting a message processing cyclic chain table, after any central processing unit (CPU) receives a message, acquiring an encryption and decryption key corresponding to the message, and putting the messages and the corresponding encryption and decryption keys to corresponding nodes of the message processing cyclic chain table; S2, acquiring idling encryption and decryption chips by the CPU, and sending the corresponding messages to the encryption and decryption chips; and S3, reading node data of the nodes corresponding to the messages, encrypting and decrypting the messages according to encryption and decryption types of the messages, and putting the messages back to the corresponding nodes of the message processing cyclic chain table. The invention also discloses an order-preserving system implementing the order-preserving method. By the method and the system, the order of the messages can be guaranteed when multiple encryption and decryption chips encrypt and decrypt the messages at the same time, and a disorder phenomenon during sending of the messages is avoided.

The invention relates to a method for the license control of a Linux operating system. The method comprises two parts, namely a self protection mechanism and a license management mechanism respectively, wherein the self protection mechanism is implemented by both a kernel layer license control self-inspection module and an application layer license communication module; and the license management mechanism is implemented through a license communication module by an application layer license control module and an application layer license distribution module. The self protection mechanism loads the license control self-inspection module into a kernel space by utilizing the loading of a Linux system kernel, and the license control self-inspection module finishes integrity inspection on the license control function of the system and performs corresponding processing according to an inspection result. By the method, the problem that the license control function of the conventional software or system is cancelled can be effectively solved, and the validity of a license file in a distribution process can be ensured by multiple encryption, so the license file is prevented from being randomly falsified. The method has universality, and can be used for realizing user license control in a Linux environment.