38results about How to "Guaranteed forward security" patented technology

The embodiment of the invention provides an authentication method, a reader and a label. The method comprises the steps: receiving an updated mark bit message sent by the label and a first enciphered message; deciphering the first enciphered message according to the updated mark bit message and authenticating the label according to the deciphering result. The reader authenticates the label by applying corresponding deciphered and enciphered messages of an encryption key according to the updated mark bit message sent by the label; and the adopted encryption key is relevant to a cipher code adopted before, therefore, an attacker cannot calculate a symmetric key used in previous communication, and the forward security can be ensured; the encryption key is updated and the updated encryption key is synchronized with the label after the communication is successful; and if the updated mark bit message applied by the label is updated successfully or not can ensure the data synchronism.

The invention relates to an RFID (radio frequency identification) mutual authentication protocol method, which comprises the following three stages: a tag identification stage, a mutual authentication stage and an update stage, wherein at the tag identification stage, a reader sends a request to a tag, and the tag returns an identification section (IDS) to the reader after receiving the request; at the mutual authentication stage, after the IDS is identified by the reader, an exclusive-or operation related to a digital synthetic operation is conducted to obtain A and B, A and B are sent to the tag, after the reader is identified by the tag through received A||B, related calculation is conducted to obtain C, C is sent to the reader, and the tag is identified by the reader; and at the update stage, after C is successfully identified by the reader, IDS and secret keys (K1 and K2) in C are updated, then D and E are calculated and sent to the tag, and after E is successfully identified by the tag, IDS and secret keys of E are updated. Only the simple digital synthetic or exclusive-or operation exists in the RFID mutual authentication protocol method. Therefore, the RFID mutual authentication protocol method has the beneficial effects that the calculation amount and storage space of the tag can be effectively reduced, various attacks such as impersonation, retransmission, tracking and denial of service can be resisted, and forward security is provided.

The invention discloses an information leakage preventing method and system based on the internet of things. An RFID (Radio Frequency Identification Device) chip responder and a reader of an application layer of the internet of things, which are mutually communicated and arranged in the internet of things; and the RFID chip responder stores an electronic carrier of identifying information of things in the internet of things. The method comprises the following steps that the RFID chip responder encrypts a private key and a public key and then transmits encrypted information to the reader of the application layer of the internet of things by a network layer of internet of things; the reader of the application layer of the internet of things decrypts the public key and the private key and generates a new private key every time; and the reader of the application layer of the internet of things encrypts and forwards the new generated private key to the RFID chip responder and readers of other application layers of the internet of things by using the public key. The invention protects the safety of data in the internet of things and prevents the leakage of information by a public key and private key encrypting mechanism. In the whole process of realization, the dynamic replacement of the private key not only further protects information safety but also improves the difficulty of password cracking.

The invention discloses an anonymous data sharing method and system based on the hiding of data sources and data masters. During the registration and request initiation stages, group signatures are used to implement effective access control and complete anonymous authentication to protect user identity privacy, while onion routing is used to hide The user IP address solves the problem that the user’s identity is associated due to the leakage of the user’s IP address; in the file upload stage, the group administrator uses re-encryption technology to re-encrypt the uploaded file and generates key information; in the file download stage, the revocation verification and signature are completed After verification, the group administrator generates authorization information for the user so that the user can obtain the decryption and re-encryption key from the key information to ensure the forward security of the scheme; The encryption of files in the cloud greatly reduces the overhead of the client.

The invention relates to IC cards and two-dimension codes and discloses a data safety storing method suitable for IC cards and two-dimension codes. The method comprises the steps of (1) terminal registering, (2) authentication, (3) card / code generating and (4) card / code reading. A symmetric key and an asymmetrical key are combined for use, only the data storing function of the IC cards and the two-dimension codes is used, a data encryption function is completely completed by an upper layer software system, accordingly, limiting from the types and inner achieving of the IC cards is avoided, and limiting from the types of the two-dimension codes is avoided. Each card / code generator and each card / code reader are provided with unique identity keys, a key center is used for distributing different encryption keys during each-time encryption, and the key center carries out decryption authorization on the card / code reader. The forward safety of the keys can be well guaranteed, right control particle size is well refined, and accordingly data safety is enhanced.

The invention discloses a smart grid data aggregation and encryption method with forward security. The key generation center KGC generates an initial private key and sends it to a smart meter through a secret channel; the smart meter verifies the initial private key, and the user's data Implement encryption and signature to generate a signature private key, send it to the aggregation gateway, and update the signature private key at the same time; the aggregation gateway aggregates the received signature private key to generate an aggregate signature and send it to the control center; the control center verifies the aggregate signature, After the verification is successful, the aggregate signature is decrypted and decoded with the private key k encrypted with the public key to obtain the plaintext m. The invention solves the problem of plaintext transmission of user electricity information data in the existing smart grid, data congestion in the transmission from the smart meter to the control center, and overhead problems in the existing aggregation encryption algorithm, and is suitable for data transmission in the smart grid. Encryption and aggregation to achieve the purpose of safe and efficient data transmission.

The invention discloses a method for realizing safe migration of user data based on a voice channel. A cryptographic system combining symmetric cipher and asymmetric cipher is deployed on a trusted terminal of a secure telephone communication network. Utilize the characteristics of fast encryption and decryption speed, high computing efficiency, and less resource occupation of symmetric ciphers to complete the confidentiality protection of user information; use asymmetric ciphers to calculate the difficulty of discrete logarithms in finite fields to realize the identity authentication of both parties in communication, and at the same time With the help of the complex characteristics of the elliptic curve algorithm, the shared factor of the two parties in the communication is obtained through the point multiplication of the temporary public and private keys, and a one-time secret service data protection key is generated to ensure the forward security of user data; finally, the hash algorithm is used respectively The calculation determinism of the random sequence and the uncertainty of the random sequence solve the integrity protection of the user data during transmission and the anti-replayability of the cryptographic protocol.

The present invention discloses a key generation method and system in the handover process. The method includes: in the UE handover process, the network side uses the next hop parameter NH to generate the next hop key KeNB; wherein, the network side The generated NH does not notify the base station; the network side and the UE side respectively use the next hop counter NCC value notified by the target base station to synchronize the next hop key KeNB; the network side uses the generated next hop The changed key KeNB notifies the target base station. Since the base station cannot obtain the NH, it cannot generate the next-hop key KeNB, which avoids the possibility of illegally obtaining the next-hop key KeNB and ensures forward security. The invention greatly improves the security of the communication system.

The invention discloses an efficient and robust dynamically searchable symmetric encryption method and system, belonging to the field of cloud storage security, including: for any keyword w, obtain the key used in the latest operation associated with it at the retrieval client Information and the corresponding ciphertext index L' and trapdoor T' to generate the ciphertext of the current operation and send it to the retrieval server, so as to store it in the ciphertext database; the ciphertext meta information of the generated ciphertext includes L ’ and T’; the ciphertext meta-information of the deletion operation ciphertext also includes the deletion credential; the key information is updated when the retrieval ciphertext is generated, and the ciphertext meta-information also includes the difference between the previous retrieval operation and the key used in the current retrieval operation To update the credentials between, send L' and T' while sending the retrieval ciphertext; at the retrieval server, obtain all the ciphertexts associated with the keyword w, delete the ciphertexts that need to be deleted, and send the result set to the retrieval client. The invention can improve the robustness of the searchable symmetric encryption method.

The invention discloses an ultra-lightweight RFID mutual authentication method, and belongs to the technical field of RFID. With a negation cyclic displacement operation processing tag and data stored by a rear-end database, secret data are greatly hidden. According to the authentication method, tag authentication is firstly performed, then a stage of mutual authentication is performed, and information stored by a reader-writer and an electronic tag is updated after success of mutual authentication so that forward security is guaranteed. New and old authentication information stored by the electronic tag is combined with resistance replay aggression data M which are designed in the authentication process by utilizing secret key information of the new and old authentication information so that non-synchronous aggression and replay aggression are effectively resisted.

The invention belongs to the field of security authentication in the discipline of cyberspace security, and specifically relates to an authentication method and system for privacy protection of dynamic wireless charging of electric vehicles, including: registering an electric vehicle with a vehicle management office, obtaining a login password for an anti-tampering device of the vehicle, Log in to the anti-tampering device afterwards to generate a false identity and request an authentication token from the charging service provider, which enables the electric vehicle to pass the authentication of the roadside unit and obtain a one-time session key for authentication with the charging board; the present invention guarantees It improves the efficiency, identity privacy and location privacy of electric vehicles during charging authentication, and in case of disputes, with the assistance of multiple vehicle management offices, charging service providers can recover the true identity of the vehicle, ensuring the identity of the vehicle Not in the hands of any trusted third party.