124 results about "Security design" patented technology

A secure biometric processing system is disclosed. The system comprises a processing system for providing image acquisition and biometric comparison. The processing unit utilizes public key cryptography for handling templates securely and authenticating operations using the template. The system includes a complete biometric engine which implements image reconstruction, template extraction and matching. The secure design of the system combines complete privacy with security, while offering a flexible usage model including on-chip template storage along with encrypted and authenticated communications to the system.

The invention discloses a high-temperature creep deformation prediction and creep damage analysis method for a high-chrome steel component. The method comprises the following steps of: establishing a theoretical model, determining material parameters, designing a numerical integration algorithm, carrying out the secondary development of finite element software, carrying out the creep damage analysis of the component and the like. Compared with an existing technical scheme, the method disclosed by the invention is characterized in that a great improvement is carried out, the accurate prediction of the creep behavior and the creep damage of the high-chrome steel component can be realized, and therefore, the method has an important application value in the fields of the security design and the residual life evaluation of high-temperature high-pressure components in a supercritical generator set.

A secure biometric processing system is disclosed. The system comprises a processing system for providing image acquisition and biometric comparison. The processing unit utilizes public key cryptography for handling templates securely and authenticating operations using the template. The system includes a complete biometric engine which implements image reconstruction, template extraction and matching. The secure design of the system combines complete privacy with security, while offering a flexible usage model including on-chip template storage along with encrypted and authenticated communications to the system.

The invention discloses a cloud computing-based network invoicing method by using a mobile phone, and belongs to the field of cloud application. The method is characterized by comprising the following steps of: establishing an access service interface for a terminal of the mobile phone at a cloud end; receiving a network invoice business data package sent from the terminal of the mobile phone through a link layer protocol, a data transmission protocol and a security design negotiated with the terminal of the mobile phone; analyzing a communication protocol command and business data of the package, and responding and returning a processing result; and carrying out physical invoice printing through a bonded printer after the terminal of the mobile phone receives a response of the business data so as to finish the operation of the network invoicing. Compared with the prior art, the method disclosed by the invention fully utilizes the characteristics (the application is wide, the cost is low, the carry is easy, and the like) of a terminal device of the mobile phone, so that a safe and reliable mobile network invoicing method is provided for tax payers.

The invention relates to a firmware upgrading method, which comprises the following steps that: user equipment establishes secure connection with an upgrading server, and downloads a firmware upgrading packet through an encryption channel to obtain encrypted firmware and a second digital signature; the second digital signature is verified to verify the integrity and/or legality of the encrypted firmware; the encrypted firmware is decrypted by using a decryption algorithm to obtain to-be-upgraded firmware and a first digital signature; the user equipment writes the firmware to be upgraded intothe application logic program unit; and the user equipment verifies the first digital signature to verify the integrity and legality of the firmware to be upgraded. According to the method, integral security design is carried out on all process links of firmware upgrading, and security risks existing in each link can be effectively prevented.

The invention relates to a cooperative editing system and a cooperative editing method for a document based on centralized data control, and belongs to the field of cooperative editing technologies for documents. The invention provides the cooperative editing system and method for the document based on centralized data control. The system is connected with a background server via a client, all document editing data is transmitted to a background data server in real time, the data server performs data synchronization with a failover server in real time; a project group leader sets the permission of each group member, so that each group member only can browser, edit, modify document data in a permission range, and cannot browse and edit the document data out of the permission range, and the project group leader calls a document generated interface combination to form the document. Therefore, the system greatly improves security design of cooperative editing of the user data, also improves access speed of each user to the data, and speeds up the cooperative editing progress of the document.

A design/evaluation support tool 100 is constructed from a table link use unit 110 identifying linkages between a threat-to-component correspondence table 125, a risk-value table 126, a component contribution rate table 127, and a risk-to-assurance level correspondence table 128, based on their respective duplicate items; and a component assurance level deriving unit 111 deriving an assurance level of each of components that conforms to a risk value of a threat that a security function of each of the components counters by weighting the risk value of the threat by a component rate of contribution based on linkages of the tables.

The invention discloses a validation method for design of system security of an AltaRica model. The method comprises following steps: step 1, establishing an AltaRica model for design of system security; step 2, defining the rule for model transformation from the AltaRica model to a Promela model; obtaining the Promela model after conversion of the AltaRica model; step 3, utilizing lineal temporal logic to describe the system security demand in a formalized manner; step 4, utilizing a model detector to validity security of a system model; step 5, obtaining a security demand counter-example that does not satisfy the step 4, tracking the system security design model and finishing validation of the system security design model.The validation method for design of system security of the AltaRica model has following beneficial effects: a model conversion problem is effectively solved; operation on AltaRica is conducted by a model detection tool SPIN; and the validation method provides a new way of thinking for analyses of system security such that conversion rules are accurately defined.

A failure mode subduction closure method based on a logic decision comprises four steps: step 1. Developing a FMECA analysis and classifying a result according to a certain standard; step 2. Taking a classified fault mode set as an object, calculating an influence of the fault mode subduction on an RMS index, calculating and determining an optimal fault mode subduction scheme based on a rough set theory; step 3. Implementing the fault mode subduction; step 4. Implementing validity verification. By using the method of the invention, design personnel takes the fault mode as a center, systematically considers a relation between a qualitative design and quantification index realization, simultaneously monitors each related reliability, maintainability, guarantee, testability and a security design condition and solves defects and insufficiencies one by one in the design so as to rapidly and effectively realize an RMS index requirement, shorten a development period and reduce development cost.

The invention discloses an SoC chip security design method, and the method comprises the following steps: setting a security storage area in an SoC chip to store security configuration information; obtaining entities of all stages of SoC chip starting, creating a security mirror image file and generating security configuration information; taking first-stage boot firmware on an SoC chip as a root of trust, acquiring a mirror image of a next stage at a current stage, and performing digital signature verification; if verification succeeds, the mirror image is trusted, the mirror image is loaded, and starting is executed; if verification fails, tampering the mirror image, and terminating the starting process. The verification of the bootstrap program, the operating system and the application program is realized by means of encryption and digital signature, the security and credibility of firmware and software are ensured, the key is safely stored, and the security is improved.

The invention relates to a physical layer security design method based on alternate iteration in an IRS-assisted MISO system, and belongs to the technical field of wireless communication. The method comprises the steps: constructing an objective function with non-convex constraint, wherein the objective function is composed of a beam forming vector and an intelligent reflection surface phase shift matrix, and the objective function is iteratively solved by adopting an alternating iteration thought; taking the maximizing of the secrecy rate of the system as the purpose, solving a beam forming vector by using a generalized Rayleigh entropy solving method, and then solving an intelligent reflection surface phase shift matrix by using a Dinkelbach algorithm and a Riemannian manifold-based conjugate gradient descent method. Compared with a traditional method for solving the intelligent reflection surface phase shift matrix through a semi-definite relaxation method, the method has the advantages that the operation complexity can be reduced, and the secrecy rate of a system can be increased. The method is simple in implementation process and has a better application prospect.

The invention provides a dual-system synchronous security computer platform, which is composed of a main control layer and an execution layer, wherein the main control layer is composed of a main control module, and is divided into main and standby systems, that is, is divided into a main control module A and a main control module B; the execution layer consists of a certain number of expandable execution modules, each of which is further divided into a security-related module and a non-security-related module, and the design of power supply isolation and bus isolation is carried out for the security function modules and the non-security function modules; the security computer platform adopts a double 2-vote-2 security redundancy architecture; all modules of the platform are connected by means of internal redundant CANFD buses; and the main control modules of the main and standby systems in the main control layer adopt Ethernet buses to implement main and standby machine synchronization and data interaction communication of the main and standby systems. The dual-system synchronous security computer platform has the technical advantages that the expansibility is excellent, the independent and redundant bus architecture is adopted between the main and standby systems, the security modules and non-security modules adopt the power supply isolation and bus isolation security design,and the reliability and security are higher.

The invention discloses an establishment method and device of a lithium ion battery acupuncture model. The method comprises the following steps: constructing to obtain a one-dimension electrochemicalmodel according to an electrode chemical reaction of the lithium ion battery; establishing a three-dimensional thermal model of the lithium ion battery according to the total heat produced by the lithium ion battery in acupuncture; and coupling the one-dimension electrochemical model with the three-dimensional thermal model through the temperature and the heat, thereby generating a lithium ion battery acupuncture model. The one-dimension electrochemical model and the three-dimensional thermal model are coupled so as to generate the lithium ion battery acupuncture model, thereby accurately outputting the battery internal and battery surface temperature distribution; the security design of the battery is convenient, and the aim of improving the lithium ion battery security is realized.

The invention discloses a method for realizing cloud security communication based on an HTTP protocol end. The method comprises the steps of designing a secure API format, verifying the terminal datalegality at the cloud end; designing a new terminal signature data mode and a cloud verification terminal signature data mode; In the process that the terminal verifies the legality of the cloud data,a new cloud signature process and a new terminal signature verification process are designed, and the terminal signature data mode comprises a signature data combination mode, a body data sorting mode and a terminal signature process. According to the method provided by the invention, through the security design of the interface, security functions of anti-counterfeiting attack, tamper-proofing attack, replay attack prevention, data information leakage prevention and the like can be realized, and the security of WEB interface communication is ensured.

The invention discloses a secure network device for an electronic detonator initiation system and relates to the technical field of electronic detonator initiation system security design. The secure network device is connected with an initiator and an electronic detonator and is characterized by comprising an interface circuit, a control circuit, a charging control circuit, a charging circuit and an electronic detonator communication circuit, the charging control circuit comprises a first switch and a second switch, and the electronic detonator communication circuit comprises a third switch and a fourth switch. The invention further discloses a use method of the secure network device for the electronic detonator initiation system. The security of the charging process of the electronic detonator is improved and use and construction cost is reduced.

The invention belongs to the technical field of captive balloon operation and security design, and relates to a captive balloon anchoring platform and a using method. The captive balloon anchoring platform comprises a ball seat, a spare part chamber in the ball seat, an empennage storage chamber, a take-off recovery chamber, a maintenance chamber and a plurality of take-off recovery devices. The ball seat is in a trapezoid shape, a conformal curved surface matched with the lower surface of the balloon is arranged in the middle of the upper surface of the ball seat; cross arm sliding rails, cross arms installed on the cross arm sliding rails and a plurality of upper captive rigging bodies are arranged on two sides of the upper surface of the ball seat. The ball seat is provided with a doorfor entering the maintenance chamber; a plurality of bottom captive rigging bodies are arranged at the bottom in the take-off recovery chamber; during anchoring, helium in the sphere can be released,the sphere becomes flat and is placed in the conformal curved surface, and a covering plate is tightly fixed through the cross arm sliding rails so as to resist extreme climate such as strong storm; by means of the captive balloon anchoring platform, an application area can be continuously expanded to areas with complex geographical and topographic conditions such as ocean islands, steep mountainous regions and wetland mudflats.

The invention relates to an IRS and artificial noise assisted MIMO system physical layer security design method, and belongs to the technical field of wireless communication. According to the invention, the method comprises the steps: processing a secrecy rate objective function equivalently based on a mean square error criterion, solving a beam forming matrix and an artificial noise covariance matrix by using an interior point method in convex optimization in an alternate iteration mode, and fixing the two variables; solving an intelligent reflection surface phase shift matrix by using a branch and bound method; and executing the two processes alternately until the secrecy rate objective function reaches convergence. Compared with a traditional semi-definite relaxation method, the secrecy rate of the system can be remarkably improved. The method is simple in implementation process and has a better application prospect.

The invention relates to a system-level chip security design method based on an untrusted IP core. The method comprises the following steps: firstly, completing security design of an RTL by adopting ahigh-order synthesis technology; converting the RTL file of the chip into a gate-level netlist through a series of logic synthesis; analyzing the logic structure of the gate-level netlist, and extracting the characteristics of the standard netlist; dividing the collected standard netlist feature samples of the gate-level circuit into a training data set and a test data set, and training a gradient lifting algorithm by adopting the training data set to obtain a hardware Trojan horse classifier based on gradient lifting; and finally, inputting the test data set into the trained gradient liftingTrojan classifier through a cross validation method to obtain a hardware Trojan prediction result based on the model. According to the invention, an SoC security design architecture with strong adaptability, high reusability, wide expansibility, rapidness and intelligence is designed from the source of an IP supply chain.

The invention provides a zero-trust data storage access method and system, and relates to the technical field of data processing. The method comprises the following steps that: a client initiates an online request authorization authentication to an authorization server; after receiving the online request authorization authentication, the authorization server performs authorization authentication on the online request authorization authentication; after the authorization authentication succeeds, the authorization server generates corresponding authorization information and sends an access strategy to the client, so that the client sends an access message to a gateway server according to the access strategy; and the gateway server receives the authorization information and performs access management on the access message according to the authorization information. According to the method, through safety design of a zero-trust storage scheme, a conventional storage safety protection meansis broken through, and all types of accessible data storage is not limited to block storage, file storage and object storage.

There is described a method of checking producibility of a composite security design of a security document, in particular of a composite banknote design, on a line of production equipment, the composite security design being the product of a combination of multiple sets of design features that are to be provided on a substrate as a result of a plurality of successive production operations carried out by means of the line of production equipment. The method comprises the steps of (a) providing digital design data representative of the composite security design of the security document, (b) modelizing, in a computer environment, the line of production equipment by means of which the composite security design is intended to be produced, (c) performing a computer simulation of production results of the plurality of successive production operations on the basis of the digital design data and the modelized line of production equipment, and (d) evaluating the computer simulated production results and determining, on the basis of these computer simulated production results, whether the composite security design can be produced on the line of production equipment.