36 results about "Key revocation" patented technology

A system for revoking access to a mobile device comprises a mobile device providing a plurality of applications and an agent providing a plurality of revocation procedures for revoking access by the mobile device to the plurality of applications running on the mobile device. Access to a first application is revoked by the agent using a first revocation procedure, and access to a second application is revoked by the agent using a second revocation procedure.

A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. In a one embodiment, the sender [100] computes an identity-based encryption key from an identifier ID associated with the receiver [110]. The identifier ID may include various types of information such as the receiver's e-mail address, a receiver credential, a message identifier, or a date. The sender uses a bilinear map and the encryption key to compute a secret message key gIDr, which is then used to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110] together with an element rP. An identity-based decryption key dID is computed by a private key generator [120] based on the ID associated with the receiver and a secret master key s. After obtaining the private decryption key from the key generator [120], the receiver [110] uses it together with the element rP and the bilinear map to compute the secret message key gIDr, which is then used to decrypt V and recover the original message M. According to one embodiment, the bilinear map is based on a Weil pairing or a Tate pairing defined on a subgroup of an elliptic curve. Also described are several applications of the techniques, including key revocation, credential management, and return receipt notification.

A method and apparatus are presented for revoking cryptographic keys within a distributed ledger system in which no central trusted authority is available. A key revocation message is sent by a network connected device to other network connected devices over a peer-to-peer network for inclusion in a ledger. In one embodiment the revocation message is signed using a private key of a public / private key pair to be revoked. In another embodiment an authorization for future revocation of the public / private key pair by a plurality of other public / private keys is sent for inclusion in the ledger, and subsequently the key revocation message is signed with one of the private keys of the plurality of other public / private key pairs before sending the key revocation message. Once a valid key revocation message is included in the ledger, any future request to include a message signed by a cryptographic key revoked by the valid key revocation message is rejected.

A copyright protection system is provided that keeps manufacturing costs down regardless of the total number of playback apparatuses belonging to the system. In this system, a device key generating unit of a key management apparatus performs a modular exponentiation operation on a random number with an inverse element of a product of predetermined prime numbers, so as to generate and distribute device keys to playback apparatuses in one-to-one correspondence. A key revocation data generating unit generates, as key revocation data, information identifying the prime numbers used by an unrevoked playback apparatus to generate a decryption key from its device key and distributes the key revocation data along with an encrypted content to each playback apparatus. Playback apparatuses each attempt to generate a description key based on the key revocation data, and only those playback apparatuses that have successfully generated a decryption key are able to decrypt the encrypted content.

A method for managing wireless multi-hop network key is applicable to a security application protocol when a WAPI frame method (TePA, an access control method based on the ternary peer-to-peer identification) is applied in a concrete network containing a Wireless Local Area Network, a Wireless Metropolitan Area Network AN and a Wireless Personal Area Network. The key management method of the present invention includes the steps of key generation, key distribution, key storage, key modification and key revocation. The present invention solves the technical problems that the prior pre-share-key based key management method is not suitable for larger networks and the PKI-based key management method is not suitable for wireless multi-hop networks; the public-key system and the ternary structure are adopted, thereby the security and the performance of the wireless multi-hop networks are improved.

The invention discloses a key revocation method for a key management tree in a cloud database. The method comprises the steps of correspondingly generating a key revocation management tree for an existing key management tree structure of the cloud database while the tree structure is generated; recording the revocation state of each key management tree node of the cloud database; and when a user carries out revocation operation, updating corresponding key revocation management tree state, and thus completing the revocation process. The problems of increased storage expense and management difficulty and a lot of computation expense in a re-encryption process due to the fact that the key storage expense is increased along with an increase of the revocation times when key revocation is carried out on the key management tree in an existing cloud database are solved.