328 results about "One-way function" patented technology

An objective of the present invention is to obtain a mutual authentication method in which mutual authentication is carried out securely and conveniently. In order to achieve the above objective, in the mutual authentication process, a private key K₀, being an initial value, is stored in a client and a server (Pc0, Ps0). The client generates a random number R, calculates secret data C and authentication data A, and transmits the data items to the server (Pc1). The server receives the authentication data A and the secret data C from the client, and generates a random number Q, calculates secret data S, and authentication data B and returns the data items, as well as updating the private key K₀ with a private key K₁ (Ps1). The client receives from the server the authentication data B and the secret data S, generates the random number R, calculates secret data C₂, authentication data A₂, and returns the data items to the server, and updates the private key K₀ with the private key K₁(Pc2). The client and the server check whether or not validity is established (Ps_m+1, Pc_m+1). Further in the authentication method above, there is a method for generating a onetime ID, assuming that the onetime ID is identification information usable just one time in the authentication between a plurality of devices or application. In each of the devices or applications which carries out the authentication, a variable shared key which changes per predefined communication unit requiring the authentication is generated, a function value of one-way function is obtained in which the variable shared key is used as an argument, a onetime ID hard to tap and superior in security is generated based on the function value, and the onetime ID is utilized.

A method and an apparatus are provided for securely identifying a mobile user while avoiding trackability of his/her movements, i.e. it provides a way for a secure user identification in secrecy. The gist is to encrypt the user's identifier, and/or his/her password, and a synchronization indication, preferably a fixed time interval, under a secret one-way function and sending the encrypted message, called a "dynamic user identifier", to the user's "home authority" where he/she is registered. The home authority comprises correspondence tables listing, pre-computed for every time interval (or another chosen synchronization), the dynamic user identifiers and the corresponding true identity of the user and can thus quickly decide whether the received encrypted message originates from a registered user. On the other hand, an intruder is neither able to detect from the encrypted messages the identity of the user nor can he/she track a user's moves.

A control device authentication method in a home network system which includes a slave, a home server which controls the slave, and the control device which performs a remote control function to control the home server, includes registering the control device to the home server; generating and storing, by the control device and the home server, a one-way function set; storing, by the control device and the home server, a code value of a button pressed at the control device; creating, by the control device, a first password by performing an operation using a pointer value, the code value, and a one-way function number; requesting, by the control device, authentication by transferring the pointer value, the one-way function number, and the first password to the home server; and creating, by the home server, a second password.

Controlling access includes providing a barrier to access that includes a controller that selectively allows access, at least one administration entity generating credentials/proofs, wherein no valid proofs are determinable given only the credentials and values for expired proofs, the controller receiving the credentials/proofs, the controller determining if access is presently authorized, and, if access is presently authorized, the controller allowing access. The credentials/proofs may be in one part or may be in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or the first administration entity may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.

Disclosed is an off-line user authentication system, which is designed to present a presentation pattern to a user subject to authentication, and apply a one-time-password derivation rule serving as a password to certain pattern elements included in the presentation pattern at specific positions so as to create a one-time password. An off-line authentication client pre-stores a plurality of pattern element sequences each adapted to form a presentation pattern, and a plurality of verification codes created by applying a one-time-password derivation rule to the respective presentation patterns and subjecting the obtained results to a one-way function algorism. A presentation pattern is created using one selected from the stored pattern element sequences, and presented to a user. A one-time password entered from the user is verified based on a corresponding verification code to perform user authentication. The present invention provides an off-line matrix authentication scheme with enhanced security.

A signature system in which size of data to be transmitted is small and data can be processed efficiently in a Merkle signature system having high security. A processing part 112 of a smartcard 110 divides a message to be signed into groups of specific numbers of bits, starting from the first bit of the message. Then, respective partial one-time signatures of the groups are generated by encrypting each group by a one-way function processing part 112c. The partial one-time signatures are sequentially outputted to a verification apparatus through a interface part 113.

In a domain comprising a plurality of devices, the devices in the domain sharing a common domain key, a method of enabling a entity that is not a member of the domain to create an object that can be authenticated and/or decrypted using the common domain key, the method comprising providing to the entity that is not a member of the domain a diversified key that is derived using a one-way function from at least the common domain key for creating authentication data related to said object and/or for encrypting said object, the devices in the domain being configured to authenticate and/or decrypt said object using the diversified key.

A system, method, and computer program product for preventing a malicious user from analyzing and modifying software content. The one-way functions used in prior art systems using dynamically evolving audit logs or self-modifying applications are replaced with a one-way function based on group theory. With this modification, untampered key evolution will occur inside a defined mathematical group such that all valid key values form a subgroup. However, if the program is altered, the key will evolve incorrectly and will no longer be a member of the subgroup. Once the key value is outside of the subgroup, it is not possible to return it to the subgroup. The present invention provides a limited total number of valid keys. The key evolution points are not restricted to locations along the deterministic path, so the key can be used in various novel ways to regulate the program's behavior, including in non-deterministic execution paths.

A device that incorporates the subject disclosure may perform, for example, receiving a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated, applying a one-way function to the derived encryption key and a nonce to generate a temporary encryption key, obtaining data for transmission to a recipient device, encrypting the data using the temporary encryption key to generate encrypted data, and providing the encrypted data over a network to the recipient device. Other embodiments are disclosed.

Disclosed herein is an access privilege transferring method for safely transmitting privilege information about each object between subjects (users) over an object space in which service objects are scattered. User information and secret information of clients are shared between the clients and servers. A client that transfers privilege information generates privilege information weakened in its own contents of privilege. Further, the client applies a one-way function or an encryption function to a bit string obtained by joining the generated privilege information and the secret information to each other, thereby generating protected privilege information with which a third party who does not know the secret information is not capable of tampering. Utilizing the protected privilege information makes it possible to safely transfer access privileges. Further, the server analyzes the protected privilege information by using the secret information to thereby make it possible to safely confirm whether a client that makes an object request is authorized.

The present invention provides an identification key and random key complicated two-factor combined public key system and an authentication method. The identification keys are generated by selecting and combining seed key sets by the user identification generated sequence; the random keys are generated on the basis of one-way function principle which is also the basis of general public key ciphers. Multiple complication modes of the random key and the identification key can not only satisfy the requirement of centralized management, but also provide the proprietary right of private keys for users. An authentication system based on the key generating method has the characteristics of the identification authentication which does not need a third part certificate to prove and high randomization and privacy of general public key cipher and random private key. The present invention can be widely applied to authentication of systems with various scales, especially the authentication of public systems with enormous scale, and the applicable fields comprises reliable access, reliable load, electronic bank, reliable transaction, reliable logistics and the like.

A biometric method, a biometric apparatus, and a biometric data encryption method thereof are disclosed. In the biometric method and the biometric apparatus, a biometric data is quantified to obtain a quantified data. A one-way function is then performed to convert the quantified data into an encrypted data. In the present invention, the biometric data is protected through a cryptography system so as to prevent the biometric features from being stolen or misappropriated. Moreover, in the present invention, a biometric technique can be integrated with a cryptography technique.

According to each embodiment of the present invention, random function operations less than three times and tight security can simultaneously be implemented. More specifically, a ciphertext y=c∥t or a signature σ=c′∥t is created as concatenated data of two data. The concatenated data is created by using a public key encryption scheme for only one (necessary part s) of the data. For this reason, tight security for the one-way characteristic of a trapdoor one-way function of the public key encryption scheme can be implemented. In addition, the output size of a first random function H′ is limited. Accordingly, a random function G for bit expansion in the conventional. OAEP++-ES scheme can be omitted. Hence, the number of times of use of random functions can be reduced to two.

According to the present invention, a secret key cryptosystem and tamper-proof hardware are used to realize a pseudo public key cryptosystem at a low cost. A trap-door one-way function is substantially realized with the use of tamper-proof hardware. Each user performs communication using equipment provided with hardware having the same capabilities described below. Such hardware retains association between an ID and a key. In response to a request from a user, the hardware issues and stores an ID, and it can perform decryption and generation of a MAC (message authentication code) with a key associated with the ID. A user publishes his ID. When performing encryption, a message sender encrypts a message using the published ID. A third person can perform decryption with the ID only by analyzing the mechanism in the hardware. However, the hardware has a capability of destroying itself when such an act is attempted.

Systems and methods for providing secure quantum digital signatures. In one embodiment, a digital signature user creates a plurality of identical “public” keys having one or more bits and a corresponding quantum mechanical one-way function. Quantum digital signature recipients use a “swap test” to check the validity of a copy of the key, and compare the test results with others. The quantum digital signature user sends a signed message over any channel, including an insecure channel. The recipients evaluate the signed message, and quantify the number of incorrect keys. The message is deemed valid and original, or forged and/or tampered with, when the number of incorrect keys is less than a lower threshold, or exceeds an upper threshold, respectively. For an intermediate number of incorrect keys, the recipients determine message authenticity by comparing observations. Hardware useful for application of the method is disclosed.

A method of securely storing and authenticating biometric data against attacks of a third party includes encoding input biometric data, and applying a one-way function to the encoded biometric data. A first exclusive OR operation is performed to the result of the one-way function and a selected secret key. The result of the first exclusive OR operation is encoded, and a second exclusive OR operation is performed to the encoded result of the first exclusive OR operation and the encoded biometric data. The result of the second exclusive OR operation is stored. In the same manner, the biometric data is authenticated. Accordingly, the biometric data can be securely stored against the attacks of a third party by processing and storing the biometric data according to a predetermined procedure.

A method and device for intrusion detection using secure signatures comprising capturing network data. A search hash value, value employing at least one one-way function, is generated from the captured network data using a first hash function. The presence of a search hash value match in a secure signature table comprising search hash values and an encrypted rule is determined. After determining a search hash value match, a decryption key is generated from the captured network data using a second hash function, a hash function different form the first hash function. One or more of the encrypted rules of the secure signatures table having a hash value equal to the generated search hash value are then decrypted using the generated decryption key. The one or more decrypted secure signature rules are then processed for a match and one or more user notifications are deployed if a match is identified.