178 results about "Secure Hash Algorithm" patented technology

The invention relates to a method for implementing a safe storage system in a cloud storage environment and belongs to the technical field of storage safety. The method is characterized in that a trust domain is established in a server according to the requirements of a user; in the trust domain, identity authentication is performed by using an public key infrastructure (PKI); the independence between the storage system and a bottom layer system is realized by utilizing a filesystem in user space (FUSE); a hash value of a file is calculated by utilizing a secure hash algorithm (SHA1) and taking a block as a unit, a file block is encrypted by utilizing a key and an advanced encryption standard (AES) algorithm of a symmetric encipherment algorithm and taking a block as a unit, and a file cipher text is uploaded to a file server in a cloud storage area so as to guarantee the confidentiality and integrity of the file; a filer owner postpones encrypting the file again when permission is revoked by designating a user with the permission of accessing the file and the permissions thereof in an access control list; and only when the user modifies the content of the file, the user encrypts the file block in which the modified content is positioned again and the system implements three layers of key management, namely a file block key, a safe metadata file key and a trust domain server key so that not only the safety of the file is guaranteed when the permission is revoked, but also the management load of the system is not increased.

The present invention provides a security module for Web application, especially a portal application, using a rewriter proxy. The security module ensures that the rewritten URIs are appended by an authentication identifier for determining whether the rewritten URI has not been changed. Preferably, the authentication identifier can be generated by applying a secure hash algorithm and/or secret key to the original URIs of the remote resource or the entire rewritten URIs. When a client activates those URIs, a request is sent to the rewriter proxy. Before a connection to the access protected remote resource is established, the security module validates whether the URIs contained in the user client request have been changed by the user.

The embodiment of the present invention discloses a password protecting method and device, wherein, the password protecting method comprises: obtaining user identification and an original clear text password; adding salts to the original clear text password with a preset salt value to obtain an original key; using the original key as an encryption key of Hash-based message authentication code HMAC operation; using a secure Hash algorithm SHA as an encryption hash function of the HMAC operation to carry out the HMAC operation to obtain an original cryptograph password; and storing the user identification and the original cryptograph password correspondingly in a database. The embodiment of the present invention is able to assure the password security, and reduce the risk of password disclosing.

A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.

A method of protecting the execution of a cryptographic hash function, such as SHA-256, in a computing environment where inputs, outputs and intermediate values can be observed. The method consists of encoding input messages so that hash function inputs are placed in a transformed domain, and then applying a transformed cryptographic hash function to produce an encoded output digest; the transformed cryptographic hash function implements the cryptographic hash function in the transformed domain.

A method of an aspect includes receiving an instruction. The instruction indicates a first source of a first packed data including state data elements a_i, b_i, e_i, and f_i for a current round (i) of a secure hash algorithm 2 (SHA2) hash algorithm. The instruction indicates a second source of a second packed data. The first packed data has a width in bits that is less than a combined width in bits of eight state data elements a_i, b_i, c_i, d_i, e_i, f_i, g_i, h_i of the SHA2 hash algorithm. The method also includes storing a result in a destination indicated by the instruction in response to the instruction. The result includes updated state data elements a_i+, b_i+, e_i+, and f_i+ that have been updated from the corresponding state data elements a_i, b_i, e_i, and f_i by at least one round of the SHA2 hash algorithm.

The invention discloses a communication data encryption and decryption method based on DES (Data Encryption Standard), RSA and SHA-1 (Secure Hash Algorithm-) encryption algorithms. The communication data encryption and decryption method based on DES, RSA and SHA-1 encryption algorithms comprises the following steps: 1, generating data to be encrypted for sending; 2, encrypting the data to be sent for the first time, namely performing block DES encryption; 3, performing SHA-1 encryption algorithm to the data which has been encrypted for the first time to generate abstract content; 4, encrypting the data encrypted by SHA-1 and the abstract by a RSA encryption public key received by a receiving end; 5, sending cryptograph; 6, receiving the cryptograph by the receiving end and decrypting the cryptograph by an own private key for the first time; 7, authenticating the received data; 8, performing DES decryption to the data which has been authenticated, and reading the data content. The communication data encryption and decryption method based on DES, RSA and SHA-1 encryption algorithms utilizes different characteristics of the three encryption algorithms, and respectively encrypts a message to be sent by DES, RSA and SHA-1 encryption algorithms, so that the encrypted message for communication is much safer, and a digital signature is achieved for ensuring that the received message is the original message sent by a sending end without tampering.

Provided is a multi-bit pipeline analog-to-digital converter (ADC) capable of altering an operating mode. The ADC includes: a sample-and-hold amplifier (SHA) for sampling and holding an input analog voltage; an n+1 number of B-bit flash ADCs for receiving an analog signal and converting the analog signal into a digital signal to output the digital signal; an n number of B-bit multiplying digital-to-analog converters (MDACs) for converting a difference between the digital signal output from the B-bit flash ADC and the front-stage output signal into an analog signal to output the analog signal to the next stage; and a mode control circuit for generating n-bit control signals to control the B-bit flash ADC and the B-bit MDAC according to required resolution and operating frequency. In the multi-bit pipeline ADC, an operating mode is altered by controlling the number of stages in a pipeline and a signal path according to required resolution and operating frequency, so that power consumption can be minimized under the corresponding operating condition and signals can be processed in a variety of ways.

A monolithic integrated circuit (IC) secure hashing device may include a memory, and a processor integrated with the memory. The processor may be configured to receive a message, and to process the message using a given secure hash algorithm (SHA) variant from among different SHA variants. The different SHA variants may be based upon corresponding different block sizes of bits.

The invention discloses a method for upgrading software on line. The method comprises the following steps of: encrypting software to be upgraded by using asymmetry of a radio supervisory adapter (RSA) encryption algorithm to generate a public key and a private key which form a pair; and placing the public key at a network server end and the private key in a software system of a product, wherein the public key is used for encryption and the private key is used for decryption. Two prime numbers are multiplied by an RSA, and the product is publically used as an encryption key and is resolved into factors during decryption; but the two prime numbers can be more easily multiplied and the product can be extremely difficultly dissolved into the factors. The encryption and the decryption at the network server end and a product end are set by an RSA data encryption algorithm and a secure hash algorithm (SHA) 1 data digest algorithm respectively; the software can be downloaded and upgraded after settings are compared to be consistent; associated verification and encryption mechanisms are established at the two ends, namely the network server end and the product software system end; thus the integrity of the software is correctly identified, the wrong or tampered software is prevented from being upgraded into the product, and the software at the product end is securely upgraded.

A boot validation system and method may be used in a computer system to validate boot code before allowing the computer system to execute the boot code. In particular, a secure hash algorithm may be used to compute a hash value of the boot code and the computed hash value may be compared to a preprogrammed hash value stored in a secure non-volatile device. If the hash values match the boot code may be validated and the system may then be allowed to execute the boot code. Once the boot code is validated, the boot code may be executed to validate other code (e.g., firmware) in the computer system. In an exemplary embodiment, the boot validation system and method may be used in an imaging device, such as a printer.

A certification and seal method of digital watermark includes inserting process as calculating out file control abstract value by using digital abstract algorithm of SHA, SHA ¿C 1, MD5 and CRC16 / 32, embedding said abstract value in digital certification seal image and inserting it in electronic file; verifying process as calculating out file content abstract value by using relevant digital abstract algorithm, picking up hidden file content abstract from digital seal image in file and comparing two abstract values for obtaining verification result.

The invention discloses a data encryption and retrieval method for a database. The method includes the steps: a) encrypting raw data by means of a one-way encryption algorithm to generate a non-decipherable indexable head under the condition of keeping sequence of the raw data unchanged; b) continuing to encrypt the raw data to generate decipherable ciphertext data; c) combining the indexable head and the decipherable ciphertext data to generate encryption combined data, and storing the encryption combined data in the database, wherein the one-way encryption algorithm in the step a) refers to MD5 (message-digest algorithm 5), SHA (secure hash algorithm) or HMAC (hash message authentication code); the encryption algorithm in the step b) refers to the symmetric key encryption algorithm. The data encryption and retrieval method for the database has the advantages that since the indexable head and the decipherable ciphertext data are combined for encrypted storage of all of the raw data by means of cipertext, and the indexable head are used for quick retrieval of the encrypted data, full table scanning is avoided while accuracy in data decryption and security in data retrieval are guaranteed.

A processing apparatus comprises logic to, according to a selected secure hash algorithm (SHA) algorithm, generate hash values by preparing message schedules for a plurality of message blocks in parallel using single instruction multiple date (SIMD) instructions and performing compression in serial, and logic to generate a message digest conforming to the secure hash algorithm (SHA) algorithm.

A processing apparatus may comprise logic to preprocess a message according to a selected secure hash algorithm (SHA) algorithm to generate a plurality of message blocks, logic to generate hash values by preparing message schedules in parallel using single instruction multiple data (SIMD) instructions for the plurality of message blocks and to perform compression in serial for the plurality of message blocks, and logic to generate a message digest conforming to the selected SHA algorithm.

An authentication protocol using a Hardware-Embedded Delay PUF (“HELP”), which derives randomness from within-die path delay variations that occur along the paths within a hardware implementation of a cryptographic primitive, for example, the Advanced Encryption Standard (“AES”) algorithm or Secure Hash Algorithm 3 (“SHA-3”). The digitized timing values which represent the path delays are stored in a database on a secure server (verifier) as an alternative to storing PUF response bitstrings thereby enabling the development of an efficient authentication protocol that provides both privacy and mutual authentication.

The invention provides a data interaction method and a data interaction device based on the CHAP protocol. The data interaction device based on the CHAP protocol comprises a client and a server. The client and the server carry out data interaction after identity authentication succeeds. The legitimacy of the client and the server is verified using a first random number, an asymmetric encryption algorithm and a secure hash algorithm, and therefore, identity authentication between the client and the server is realized, and attack from the middleman is avoided. Data transmission is carried out between the client and the server after identity authentication succeeds, so that the safety and reliability of data transmission between the client and the server are ensured, and replay attack is avoided.

The invention discloses an image compressed encryption method based on compressed sensing and a Chua's circuit. The method comprises the following steps of 1, generating a key related to plaintext according to an original image by using SHA-256; 2, performing iteration on initial values x02 and a02 to generate a chaos sequence t' and t'', and generating measurement matrixes FORMULA and FORMULA through performing iteration on t' and t''; 3, measuring sub-bands LH, HH and HL by different compression ratios; 4, quantizing to acquire an integer sequence z, and forming a matrix z'; 5, acquiring a diffusion matrix f'; 6, acquiring a matrix LL', and performing an XOR operation on the diffusion matrix f'; and 7, combining four sub-bands such as LL, LH, HL and HH, and scrambling the chaos sequencegenerated by x04 and a04 to acquire a final compressed encryption image E. According to the method the data transmission quantity can be reduced, the robustness of the image can also be enhanced, thesecurity is high, and particularly, the method is good in performance when being used for resisting shearing attacks and noise attacks.

The invention relates to a PE loader-based software packing protection method. The method comprises the following steps of: mapping a shell template into an internal memory, repositioning the base address of the shell template by simulating a PE loader of Windows and calculating a relative virtual address (RVA) of a segment where the entry point of the shell template is positioned and the size of the segment, wherein the calculated RVA value of the segment and the size value of the segment are taken as parameters and a hash value calculated by a secure hash algorithm (SHA) is taken as a key of an advanced encryption standard (AES) encryption algorithm; mapping protected software into the internal memory and encrypting the protected software by the AES encryption algorithm by using calculated key; adding encrypted data into a Reloc segment of the shell template; processing a special resource in the software to be protected and extracting additional data of the special resource, attaching the special resource and the additional data to the end of a shell template file respectively and modifying a corresponding data item related to the special resource in the PE structure of the shell template; and repeating the modified shell template from the internal memory to a disc so as to obtain protected software. The method remarkably enhances the safety of the software.

The invention discloses a method and a system for partial matching query of an encrypted field in a database. The method comprises the following steps: creating a data record table; creating an encrypted index table for the encrypted field according to the data record table; obtaining and encrypting a to-be-queried field by program; querying completely matched data from the data record table through a structured query language (SQL) sentence, and recording the completely matched data as first values; carrying out secure hash algorithm (SHA) hashing on the to-be-queried field, and querying a corresponding unique data identifier from the encrypted index table through the SQL sentence; and querying all data with the unique data identifier in the data record table according to the corresponding unique data identifier, and recording the data as second values; and merging the first values with the second values. In the manner, an encryption scheme can be used only by partial matching query of the field under the condition of ensuring the performance, so that the safety and the usability of the system are improved.