168 results about "XML Encryption" patented technology

A relational database system for encryption of individual data elements comprising a encryption devices of at least two different types, the types being tamper-proof hardware and software implemented. The encryption processes of the system are of at least two different security levels, differing in the type of encryption device holding the process keys for at least one of the process key categories and also differing in which type of device executing the algorithm of the process. Each data element to be protected is assigned an attribute indicating the usage of encryption process of a certain security level.

The invention is applicable to the field of data storage technology improvement, and provides a file security sharing method based on blockchain cloud storage. The method includes the steps as follows: S1, performing data encryption on a file by using a symmetric encryption algorithm, and storing a data ciphertext in a cloud disk; S2, enabling a user to generate a key ciphertext by using a symmetric key for decrypting the data ciphertext through encryption, and storing the storage locations of the key ciphertext and the data ciphertext together on a blockchain as a part of metadata; and S3, performing proxy re-encryption on the stored file data by using a new key, and securely sharing the data through the new key and the re-encrypted new ciphertext. Through the implementation of a cloud security storage and sharing mechanism for a private file under a decentralized storage architecture of the blockchain, the data stored in the cloud by the user can only be accessed through a private key, when the own encrypted data needs to be shared to other users, the own original key of an owner cannot be exposed to other people, and the process of downloading all cloud data, re-encrypting the data by using a shared key, and then uploading the data in sequence is not required.

An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.

An encryption method includes displaying encryption target data on a display screen as an image, performing first acceptance in which designation of an at least partial region of the displayed image is accepted, performing second acceptance in which designation regarding splitting of the designated at least partial region is accepted, and splitting data that is included in the encryption target data and corresponds to the designated at least partial region in accordance with the designation regarding the splitting under a secret sharing scheme.

Methods and systems are described for format-preserving encryption. Format-preserving encryption on an entire format F may be achieved by performing format-preserving encryption on one or more subsets of F and then applying one or more permutation rounds in such a way that all elements of F enter a subset to be encrypted. A predetermined number of encryption rounds and a predetermined number of permutation rounds may be interleaved until all elements are thoroughly mixed. The resultant output data may be saved in a database in the same format as the original input data, meet all constraints of the database, and pass all validity checks applied by software supporting the database.

In accordance with one embodiment, a method for securing data is disclosed. The method includes sensing multi-dimensional motion of a body part of a user to generate a multi-dimensional signal; in response to the multi-dimensional signal and user calibration parameters, generating a neuro-mechanical fingerprint; and encrypting data with an encryption algorithm using the neuro-mechanical fingerprint as a key.

A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

The invention relates to an IBE (Internet Booking Engine) data encryption system based on a medium digital certificate, and comprises four components: an IBE CSP (Cryptographic Service Provider), an IBE key management client, an IBE key server and an IBE client installing software, wherein the IBE CSP is the core and key of the IBE data encryption system. The IBE data encryption system is used for enabling the system and the application which do not support an IBE encryption process to utilize the IBE process to encrypt and decrypt. In the IBE data encryption system, the medium digital certificate is taken as a bridge, an asymmetric key algorithm which is supported by RSA (Rivest Shamir Adleman), ECC (Elliptic Curves Cryptography) or other X509 certificate is provided by a register, but actually a Windows CSP of the IBE algorithm is realized, the data encryption and decryption operations based on the RSA, ECC or other asymmetric key algorithms are automatically converted into the corresponding data encryption and decryption operations based on the IBE algorithm.

The invention relates to a mediated and searchable encryption method. The method comprises the following steps: S1, system initialization; S2, keyword encryption; S3, data encryption; S4, user key generation; S5, search Trapdoor generation; S6, data searching; S7, data decryption; and S8, user revocation. The mediated and searchable encryption method provided by the invention has the advantages that online and offline encryption and mediated encryption can be achieved, the method is applicable to a mobile cloud computing environment, and user permissions can be revoked instantly.

The invention relates to a digital rights management method based on N RSA (Rivest Shamir Adleman) encryption algorithms based on a chaotic algorithm, comprising three steps of privet key generation, data encryption and data decryption. The method comprises the specific steps of: utilizing the chaotic algorithm as the RSA encryption algorithm to generate prime numbers and combining the generated prime numbers to form a public key and a privet key; and then utilizing the public key and the privet key to encrypt and decrypt contents of files. As the chaotic algorithm process provided by the invention has the characteristics of randomness, balance and stability, the generated prime numbers have good quality and fast speed and are uniformly distributed; the calculation of the prime numbers is operated in the class of the prime numbers and is convenient; the response speed of the calculation is fast and results are reliable and accurate; in the encryption process and the decryption process, the length of the privet key is long enough through encrypting and decrypting data of the privet key and the public key; meanwhile, the encryption speed of the data is faster, so that the encryption and the decryption are assured; and meanwhile, the privet key is not easy to crack, so that the practical applicability and the openness of the algorithm are greatly enhanced.

The invention discloses TrustZone-based data encryption and decryption methods and apparatuses, and a terminal device. The encryption method comprises the steps of sending a data encryption request to a trusted application in a trusted execution environment through a client interface between a general execution environment and the trusted execution environment, wherein the data encryption request comprises a class key and to-be-encrypted data; decrypting the class key according to a main key pre-stored in the trusted execution environment by the trusted application; encrypting the to-be-encrypted data according to the decrypted class key by the trusted application; and returning the encrypted to-be-encrypted data to the general execution environment through the client interface by the trusted application. The encryption method has high security performance and expandability.

The embodiment of the invention provides a data encryption method, device, equipment and system and a data decryption method, device, equipment and system, and relates to the field of data security. The data encryption method comprises the following steps: receiving an encryption request for encrypting specified data; acquiring an encryption rule corresponding to field information in pre-stored currently-effective privacy version configuration information; and encrypting the specified data according to the searched encryption rule. The specified data is encrypted through the preconfigured currently-effective privacy version configuration information. The problem of low security of encryption and decryption methods provided in the prior art is solved. The effective privacy version configuration information is updated automatically along with time, so that the probability of forced cracking of encrypted data can be lowered to a great extent, and the security during data encryption or decryption can be enhanced greatly.

The invention discloses a safe method for repeated data deleting. The method comprises the steps that a client side encrypts files which need to be stored through the same secret key with different encryption algorithms; a server judges whether the files are stored through the Hash values of the files first; the client side decrypts a secret key through a ciphertext returned by the server, and then encryption is carried out with another encryption algorithm; and the server carries out two-time encryption with the same encryption algorithm by comparing the files to judge whether repeated date deleting is carried out. The advantage of a repeated data deleting technology is guaranteed, user data privacy is guaranteed, and an external attacker and an unreliable cloud storage serve provider are prevented.

The invention provides a ciphertext domain multi-bit reversible information hiding method capable of effectively ensuring large volume embedment of data, reversible recovery of carrier data and undetectability of embedded information on the premise of meeting separable steganography. The method comprises the following steps: 1, parameter setting and data pre-processing; 2, encryption and information embedment; and 3, decryption and information extraction. By recoding ciphertext data based on an R-LWE (Ring Learning with Errors) public key cipher algorithm, a user can embed multi-ary information based on ciphertext domain operation to realize data encryption. After the information is embedded, the user can effectively extract the hidden information with a steganographic key and recover the data before encryption without errors by using a decryption key. Compared with the existing ciphertext domain steganography, the method has the advantages that error-free decryption of the embedded ciphertext and effective extraction of the hidden information can be realized, and the decryption and extraction processes are separable.

The embodiment of the invention provides a data encryption method, the method is applied to a first terminal, and the method comprises the steps: determining a to-be-encrypted file selected by a userof the first terminal and a selected target user under the condition that a first intelligent password key is detected to be inserted into the first terminal; calculating the file content of the to-be-encrypted file according to an SM3 algorithm to obtain an abstract of the file content of the to-be-encrypted file; signing the abstract according to a signature private key of a user of the first terminal stored in the first intelligent password key to obtain a signature abstract; taking a true random number generated by the first intelligent password key as a session key, and encrypting the session key according to the target encryption public key and an SM2 algorithm to obtain a session key ciphertext; encrypting the file content of the to-be-encrypted file according to the session key andan SM4 algorithm to obtain ciphertext content; therefore, the security of the encrypted data is improved.

The invention relates to a file encryption system, comprising a safety folder, a file encryption program and a file encryption filter. The file encryption program generates a temporary file, namely an encrypted temporary file, corresponding to an opened file on a permanent storage medium of a computer in a form of a ciphertext when a user opens a currently browsed file in currently browsed safety folder by using a cursor through a human-computer interface of the file encryption program in a double-click manner; a new temporary file, namely an encrypted temporary file, which relates to file content of the selected opened file and is generated in the process that a file application program processes the opened file, also exists in the form of the ciphertext; the file encryption filter automatically carries out corresponding decryption and encryption treatment on the file content when the file application program carries out reading and writing operations on the encrypted temporary files. Thus, leakage of sensitive information due to the fact that the file content of the opened file exists on the permanent storage medium in a form of a cleartext is avoided.

The invention provides a Song ci poetry text message hiding technology based on hybrid encryption, which belongs to the information hiding and data security directions in the field of computers. The Song ci poetry text message hiding technology comprises the steps of encrypting secret information to be hidden by using an advanced encryption standard (AES) in a hybrid manner, encrypting an AES secret key by using an elliptic curve cryptography (ECC) algorithm, passing all information after encryption processing through a 140 tune name template library of the complete collection of Song ci poetry, and hiding the information by means of the system which is composed of templates, a dictionary, a steganographic device and an extractor, wherein the system can generate steganographic Song ci poetry through a random selection or template designation method according to the length of a cryptograph, and the sentence length, grammatical style and intonation sentence pattern of the steganographic Song ci poetry conform to the original Song ci poetry completely, thereby achieving the purposes of obfuscating attackers and ensuring secure transmission of the hidden information. The Song ci poetry text message hiding technology disclosed by the invention can solve the security problem of data transmission in channels, can provide double security measures of information hiding and data encryption, and has high practical application value.

The invention provides an image encryption and decryption method based on improved Joseph traversal and generalized Henon mapping. An SHA-1 value of an image to be encrypted and encryption parameters selected by a user are combined to serve as a secret key, generalized Henon mapping is driven to randomly disturb the initial position, the counting-off interval and the counting-off direction of Joseph traversal mapping used for position point permutation, so that different encryption images and encryption parameters correspond to different position point permutation processes in essence; coupling of all the encryption steps is enhanced, different encryption processes are started according to different images to be encrypted, so that selective plain text attacks are effectively resisted, and the image encryption and decryption method has large secret key space and is easy to implement and low in cost.

Provided is an encryption-domain reversible information hiding method based on classified scrambling and hiding information classification. Variable pixels and fixed pixels are classified into blocks and scrambled in a classified way to reserve a hidden space of an encryption image; during image encryption, the image is divided into variable pixels and fixed pixels, bitwise XOR and scrambling encryption are carried out by taking the pixel as unit, and pixel values and positions are protected by encryption; at the same time, a block classification matrix serves as a part of an image encryption key, and further the possibility of leakage of content of the encryption image is further reduced; and during information hiding, the information to be hidden is divided into disclosed, authorized and private types according to functions, and protection of different levels is realized by using different encryption methods. During information extraction, the information can be extracted correctly by obtaining corresponding authorization, and the private information is very hard to obtain without a hidden secret key; and during image decryption, the encryption image the same with an original image can be obtained via an encryption key only. An algorithm is easy to realize, and the steganographic capacity is large.

The invention provides an image encryption and decryption method based on probability interval division and dynamic probability events. The method comprises steps of during encryption, firstly mapping secret key parameters and SHA-1 values of to-be-encrypted images to different probability encryption sections; carrying out random screening on to-be-encrypted pixels based on the secret key parameters and the SHA-1 values; and executing and writing different probability encryption events into corresponding pixel positions according to the probability sections where the probability encryption events fall. In order to improve safety, an SHA-1 value remapping process is added for dividing the probability sections, screening the to-be-encrypted pixels and carrying out stochastic disturbance on encryption; and by adding an overall situation encryption process related to SHA-1 update values and user secret keys, performance of an image encryption algorithm is enhanced. The method also comprises steps of during decryption, firstly recovering encrypted parameters; then finishing overall decryption; and at last executing inverse decryption operation on randomly screened pixels. Compared with the prior art, different pixels and secret keys correspond to different encryption processes, so the method is highly safe.

The invention discloses an asymmetric double-image encryption method based on chaos and cascade DFrRT. The encryption method comprises the steps that two original gray level images are normalized and connected into an extension image in the horizontal direction; next, the extension image is scrambled by i times of cat mapping, and then the extension image is decomposed into two new images; two phase masks are generated through the image f'1, and the image f'2 and one phase mask are subjected to convolution; Logistic mapping is conducted on an obtained complex matrix, and a conversion result is obtained through DFrRT conversion with the order of alpha; the amplitude of the complex matrix is extracted, and the amplitude and the other phase mask are subjected to convolution; Logistic mapping is conducted on an obtained second complex matrix, and a conversion result is obtained through DFrRT conversion with the order of beta; the amplitude of the second complex matrix is extracted, and then a final ciphertext image is obtained. The invention further discloses a corresponding decryption method. By means of the asymmetric double-image encryption and decryption method, the nonlinearity and disorder of a plaintext image in a spatial domain and a transformation domain are enhanced, and conventional attacks can be well resisted.

The invention discloses a shared file authority control method which is characterized by comprising the following steps: after a file is shared, an administrator sets authority according to the specific need; only the user conforming to the authority can access the shared file so as to realize the secure access to the shared file; the administrator firstly divides the key and label range according to the concrete working need of each user, and the user encrypted files in the same range share the same key; an illegal user without the authority can not access the shared file; if a user with other authority is to access the shared file, the administrator needs to grant the authority for accessing the file; and when in access, a key authentication technology is adopted to judge whether a client has the authority for accessing the shared encrypted file in the range, wherein the encrypted files in different ranges are not interoperable. Through the invention, based on file encryption, effective control on the authority of the shared file is realized, and the users in the authority range can access the shared encrypted file while the users outside the range can not access the shared encrypted file, thereby ensuring the security of the enterprise information.

A weight attribute-based encryption method based on hierarchical authorities is disclosed. A system public key and a system master key are generated when a central authority (CA) is initialized, master keys of corresponding levels of representative attribute authorities (AAs) are generated by authorization of different levels of AAs, the CA and the representative AAs generate total keys of corresponding users for the users, a data owner encrypts a data file through two stages of on-line encryption and off-line encryption, a cipher text is generated and uploaded to a cloud server for storage, auser sends an access request to the cloud server to obtain the cipher text data stored in the cloud server, and the user decrypts the cipher text data obtained from the cloud server to obtain the plain text data to be shared by the data owner. By introducing the hierarchy and attribute weights of the authorities, the encryption system has better flexibility in the cloud storage environment, finer-grained access control can be implemented, and the security of the stored data is improved.