47 results about "Unsafe environment" patented technology

A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.

A method and apparatus for generating provisioning data to provision a device are described. A provisioning bundle is validated according to a relationship between a configuration and a bundle sequence number identifying the provisioning bundle. A provisioning request includes a device hardware identifier identifying the device. An authorization for the provisioning request is determined for generating provisioning data including the provisioning bundle personalized by the device hardware identifier for the device.

A method for altering timing between transmissions of an input device comprising the steps of (A) receiving a plurality of inputs from the input device, (B) altering the timing between the inputs and (C) presenting the altered inputs in a potentially insecure environment.

A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.

The invention provides a secure two-party collaboration SM2 signature method consisting of steps of system initialization, negotiation generation of a signature public key, collaborative signature andoutput of a complete signature. According to the secure two-party collaboration SM2 signature method provided by the invention, prior to the negotiation of the signature public key and the collaborative signature, the both communication parties authenticate the identity of the opposite party by using the zero knowledge proof technology, the correctness of outputting the complete signature is ensured by using the promise technology, it is ensured that the first communication party does not need to decrypt a received ciphertext by using the homomorphic encryption technology, the operation of the corresponding ciphertext can be realized, and a timestamp mechanism is added to ensure that the both communication parties can output the complete signature only when the identity of the first communication party, the current time and the position information of the first communication party are consistent, so that the security of the system is greatly improved, the loss caused by the leakage ofa signature private key is reduced, and the man-in-the-middle attack can be prevented. The secure two-party collaboration SM2 signature method provided by the invention has higher security and can beused in an environment in which a communication channel is not safe.

Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.

A method and system for protecting users from accidentally disclosing personal information in an insecure environment. In one embodiment, the method includes monitoring I/O device input data associated with a guest operating system on a virtualization platform. The guest operating system has less privilege than a privileged operating system on the virtualization platform. The method further includes determining whether the I/O device input data corresponds to personal information of a user, and delaying or blocking the transfer of the I/O device input data to the guest operating system if the I/O device input data corresponds to the personal information of the user.

An open state is formed behind a shield of an open type TBM (tunnel boring machine), so that bolting and shotcreting with wire mesh and the like can be realized, when unfavorable geological conditions such as crushed zones are encountered, broken surrounding rock collapses and falls, which not only threatens the safety of operating personnel and equipment, but also greatly lowers the construction efficiency. The invention discloses an annular steel structure supporting construction method with the open type TBM. The supporting TBM is provided with a shield which has an annular steel structure installation space. When the unfavorable geological conditions are encountered, the annular steel structure can be fast erected in an assembly line mode under the protection of the shield, the shield is replaced with the annular steel structure for supporting the surrounding rock as the TBM tunnels; under the protection of the annular steel structure, an annular steel grating and a steel mesh hollow structure are used for carrying out the bolting and shotcreting supporting and the like, the previous extensive construction is changed to controllable standardized operation, the original open type unsafe environment is changed to a closed protected operation zone; the construction method disclosed by the invention is different from the passive supporting which is carried out after the surrounding rock collapses and falls; the annular steel structure actively close off the broken surrounding rock, then the surrounding rock becomes a part of the supporting structure, the work amount for backfilling concrete and removing slag is greatly reduced, and thus the method is more efficient and safer, the cost is reduced and the operation is easy to realize.

A method comprising: receiving a data structure including an identifier identifying a process for performance by a secured environment; and identifying to an unsecured environment the process identified by the data structure.

A method comprising: receiving at a secured environment a data structure including an identifier identifying a process for performance by the secured environment; and controlling at the secured environment performance of the identified process in dependence upon a signal received from an unsecured environment.

In an unsafe environment, a cryptographic analyzer can implement attacks on an algorithm and a secret key by tracking a binary system operated by a program, reading the secret key in a memory and a program execution intermediate result, carrying out static analysis and the like, and a white-box cryptographic algorithm can protect the secret key in the unsafe environment. The invention discloses a 16-round SM4-128/128 white box password implementation method, which describes a new mode of improving an SM4 password algorithm when the encryption round number is 16, and the mode improves the structure of a round function, namely the iterative process of the encryption algorithm. An improved SM4 white-box cryptographic algorithm is provided, and the whole encryption and decryption process can be converted into a form of calculating randomly selected affine transformation and lookup tables. The principle is that the internal state of a coding hiding algorithm is input and output scrambled, the secret key is embedded into a lookup table in a coding mode, and meanwhile, a block matrix is used for reducing the scale of the lookup table.

The invention relates to a secure communication device and a method, in particular to a device and a method for sending and receiving a code by adopting a special manner. In the question answering mutual identity and transaction confirmation method and the device adopting the method, the confirmation method comprises identity verification and transaction content confirmation, and has the characteristic of mutual authentication. An encryption device is separated from the outside completely, and has no electronic connecting interface, so that the hacker attack can be avoided, and the device can also be used in the environment of no personal computer. In the device and the method, not only does a server identify a client in a unilateralism manner, but the client also discriminates the validity of the server through checking the validity of a quenstion and answers the quenstion after confirming the validity of the quenstion only, thereby effectively resisting fishing trap. By adopting the method and the encryption device, identity verification and electronic transaction can be performed safely in unsafe environments such as an Internet bar, etc.

The invention discloses a special formatting method and a special formatting device for mobile storage equipment, and aims to solve the problem that data of mobile storage equipment leak in an unsafe environment. The mobile storage equipment comprises first system data and second system data. The special formatting method for the mobile storage equipment comprises the following steps of judging whether redirection operation is performed only or not, judging whether the current environment is a safe environment or not if the redirection operation is not performed only, prompting that special formatting cannot be carried out if the current environment is not safe, and then quitting; constructing and updating the first system data of the mobile storage equipment; judging whether the redirection operation is performed only or not, formatting the mobile storage equipment if the redirection operation is performed only, then performing redirection operation on the first system data and the second system data of the mobile storage equipment, and quitting; performing redirection operation on the first system data if the redirection operation is not performed only, setting an encryption completion status, setting an encryption key, formatting data of various partitions of the mobile storage equipment, and performing redirection operation on the second system data of the various partitions.

Protecting a mobile device is provided. A first set of IoT devices in a first domain at a first geographic location is established by communicating with respective members of the first set of IoT devices. Respective ones of the first set of IoT devices are identified within the first domain as registered to a user corresponding to a mobile device based on a list of registered devices generating a registered subset of IoT devices that includes the mobile device. It is determined that the mobile device is in an unsecure environment based on establishing proximity to unknown IoT devices that are not members of the registered subset of IoT devices. A self-protection mode of operation is launched on the mobile device in response to determining that the mobile device is in the unsecure environment based on establishing proximity to the unknown IoT devices.

The embodiments of the present invention disclose a closed space device inspection method and device. According to the closed space device inspection method and apparatus of the invention, point clouddata collection is performed on devices in different regions in a closed space; after splicing and de-noising processing is performed on the point cloud data of the devices in each region, and the de-noised point cloud data are matched with each point cloud data model in a point cloud data model library, so that the first attribute information of each device, which is represented by the de-noisedpoint cloud data, can be determined; the de-noised point cloud data and the first attribute information are saved in an associated manner; the de-noised point cloud data are compared with historicalpoint cloud data associated with the first attribute information, so that abnormality analysis can be performed on the devices which are represented by the de-noised point cloud data; and therefore, the automatic inspection of the devices in the enclosed space can be realized, the inspection efficiency of the devices in the enclosed space can be improved, and the probability that inspection personnel are exposed to an unsafe environment such as lack of oxygen and water can be lowered.

The invention belongs to the data security field of mobile storage equipment, in particular to a data security protection method of safe mobile storage equipment, which is used for solving the problems of data security of the mobile storage equipment when the mobile storage equipment is crosswise used among different host computer environments. The safe mobile storage equipment adopts a single-equipment and multi-data view design so that the same safe mobile storage equipment provide a single or a plurality of different data views according to the different applied external host computer environments (different safe environments or different unsafe environments). The different data views correspond to different physical storage zones or logical storage zones isolated from each other. The safe mobile storage equipment invention has the benefits advantages that the safe mobile storage equipment adopts the single-equipment and multi-data view design, realizes the data ferry of the storage zones in the unsafe environments through a special safe browser in a safe environment and automatic identification design on external host computer systems in the unsafe environments and adopts an encryption mode to store data in safety mobile storage equipment.

A method and an apparatus are disclosed for the coupling of a safety-critical process from a safe environment to an environment that is not safe or to an environment that is safe but has fewer processing channels. To this end, provision is made of a method which processes a data record that is relevant to the safety-critical process to form a respective safe protocol using at least two redundant processing channels in accordance with identical laws, and forms a common safe protocol taking into account at least two redundant safe coupling protocols. When writing at least elements of the common safety-based protocol using a processing channel with write authorization, another processing channel is used to check whether these elements are identical to one another. Access to a common buffer register for the purpose of storing these elements is enabled only when they are identical to one another.

The invention discloses a firmware starting method based on PIN code authorization. The method comprises the following steps that 1, a TCM security card is used in a computer integrated with the TCM security card; step 2, starting up and electrifying, and detecting the TCM security card by the security firmware; 3, when it is detected that the state of the security card is normal and the firmwareflag bit is not started, the screen pops up a prompt box to prompt a user to input a PIN code; 4, the user inputs the PIN code in a manual input mode or in a mode of reading the file from the storagedevice; step 5, the firmware sends the received PIN code to the TCM for verification; and step 6, after the verification is passed, the firmware starts the mark position and continues to start the system, and if the verification is not passed, prompts re-input and prompts the remaining input times, and shuts down when the maximum fault-tolerant times are exceeded. The method can prevent TCM resources from being exposed in an unsafe environment, prevent the computer from being started in the unsafe environment and use the computer resources, and is better in safety.

The invention discloses a method and device for reducing the risk of a financial transaction. The method comprises the steps that a card reader chip prepares a data source to be sent to a financial ICchip, and a request for generating application authentication ciphertext including the data source is generated; the card reader chip sends the request for generating the application authentication ciphertext to the financial IC chip; the card reader chip receives response data, containing the application authentication ciphertext, returned by the financial IC chip; the card reader chip conductscompression, scrambling and conversion on the response data to obtain a dynamic password; the card reader chip outputs the dynamic password to complete the financial transaction. The method and devicehave the advantages that the transaction password can be prevented from being exposed in an unsafe environment in the process of using a financial IC for transactions, the transaction password is prevented from being leaked, the transaction risk is reduced, and the transaction security is improved.