CN105939354A - Large-scale network key management system based on GDOI protocol - Google Patents

Large-scale network key management system based on GDOI protocol Download PDF

Info

Publication number
CN105939354A
CN105939354A CN201610405993.XA CN201610405993A CN105939354A CN 105939354 A CN105939354 A CN 105939354A CN 201610405993 A CN201610405993 A CN 201610405993A CN 105939354 A CN105939354 A CN 105939354A
Authority
CN
China
Prior art keywords
key
management
module
unit
management module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610405993.XA
Other languages
Chinese (zh)
Inventor
朱云
李元骅
张晓囡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shield Mdt Infotech Ltd
Original Assignee
Beijing Shield Mdt Infotech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shield Mdt Infotech Ltd filed Critical Beijing Shield Mdt Infotech Ltd
Priority to CN201610405993.XA priority Critical patent/CN105939354A/en
Publication of CN105939354A publication Critical patent/CN105939354A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a large-scale network key management system based on a GDOI protocol. The management system comprises a key management centre and a key management control terminal; and the key management centre is connected to the key management control terminal. According to the large-scale network key management system disclosed by the invention, a group encryption and deployment model of a key management server and a group member (GM) and a whole network consultation mechanism (Group SA) are provided based on the GDOI protocol; the flow among nodes is encrypted and decrypted by using the Group SA; and security communication is provided for the IP of any node.

Description

A kind of based on GDOI Large scale network key management system under agreement
Technical field
The invention belongs to technical field of network security, be specifically related to a kind of based on large scale network key management system under GDOI agreement.
Background technology
Global Internet is indispensable in the Working Life of people, but the information security threats of network is but being aggravated year by year.In " prism door " event that network safety filed in 2013 is famous, the existing network architecture with switch, router as core is highly susceptible to monitored.Bulk information is leaked by switch and router, has beaten an alarm bell for all-network user.For large-scale corporation or the internet of government department of global range, it often uses network topology structure.The services such as whole network is divided into three layers, and wherein group's looped network platform is made up of several data centers, is become looped network by multiple 10G group of networks between data center, rolls into a ball offer applied business for complete or collected works and accesses, data summarization;Regional center platform, is made up of several regional centers, and regional center collects the data of each department company according to region, and provides the data channel leading to group's looped network;Regional corporation's platform, is made up of various places regional corporation LAN or Metropolitan Area Network (MAN), the network insertion of the base application of carrying various places company.For the ease of realizing the mutually addressing between each object and data exchange in above-mentioned network, the ICP/IP protocol of existing standard takes the mode of plaintext transmission, substantial amounts of data to be transmitted in the case of not having any safeguard protection on channel;The routing mechanism of network makes not to be had at " gateway of a country " at cyberspace between different geographical, country, and transmission data can arbitrary be intercepted, restructuring, and restores original data message and cause data message to leak.More it is a risk that most of switches of present domestic use and router are all foreign brand names, use external acp chip to design even if home brands are also more, cause domestic transmission network data may be monitored by foreign organization.Therefore, for ensureing the safety transmission of network internal information, in system interconnects, need to use the network switching equipment of a large amount of independent research, data encryption equipment, key management apparatus, equipment safety control etc..Meanwhile, in internet, the service needed such as various Distributed Calculation, voice, video is run anywhere or anytime between each branch, and traditional Hub-Spoke, point-to-point ipsec tunnel solution can not meet the demand of user.GDOI(Group Domain ofInterpretation) agreement proposes Key Management server and the group encryption deployment model of group membership (GM), whole net negotiation mechanism (Group SA), uses Group The internodal flow of SA encryption and decryption, provides possibility for arbitrary node IP secure communication.To this end, the large scale network KMC under exploitation GDOI agreement has important theory and practical significance.
Summary of the invention
In order to solve foregoing, the present invention provides a kind of based on large scale network key management system under GDOI agreement, and described management system includes that KMC and key management control terminal, and described KMC connects key management and controls terminal;
Further; described KMC is for the machine authentication of described management system, the encipherment protection of data storage and the identity key management of the whole network encryption device, and described key management controls the distribution of the identity public key of terminal KMC under key information input and off-line state;
Further, described KMC includes device management module, algorithm processing module, key management module, Communications Processor Module, local monitoring module and Integrated Management Module, wherein;
Device management module, described device management module for the whole network encryption device management, condition monitoring and the management of identity key and group Password Policy maintenance;
Algorithm processing module, described algorithm processing module carries out key information calculating by SM2, SM3 and SM4 algorithm to encryption device;
Key management module; described key management module join algorithm processing module, carries out maintenance and management by SM2, SM3 and SM4 algorithm in algorithm processing module to the storage protection of local critical data and to the whole network session encryption key, group policy key-encrypting key and group policy transmission cryptographic work key;
Communications Processor Module, described Communications Processor Module controls the communication connection of terminal, described device management module and key management control terminal and key management module and described device management module in order to realize described key management module and key management, described Communications Processor Module is externally unified provides GDOI protocol interface, and the distribution of key uses GDOI actualizing;
Local monitoring module, described local monitoring module is for collecting device management module, algorithm processing module, key management module, Integrated Management Module and the running status of Communications Processor Module, checking the integrity of critical data, abnormality triggers reports to the police;
Integrated Management Module, device management module, algorithm processing module, key management module, Communications Processor Module and local monitoring module are managed and safeguard based on WEB mode by described Integrated Management Module, and operation information, status information and maintenance information record are formed daily record;
Further, described device management module includes remote status inquiry and monitoring unit, group policy processing unit and identity key management unit,
Remote status inquiry and monitoring unit, the inquiry of described remote status and monitoring unit are for collecting and monitor the running status of encryption device;
Group policy processing unit, described group policy processing unit, for realizing the maintenance of group policy information, increases and deletion action including to the encryption device member of group policy;
Identity key management unit, described identity key management unit includes noting key spoon and certification key, described note key spoon for key parameter first realizing encryption device be filled with into, described certification key is for realizing local identity authentication function when encryption device starts;
Further; described key management module includes noise code processing unit, local critical data memory protection unit, session encryption key (SEK) administrative unit, group policy key-encrypting key (KEK) administrative unit and group policy transmission cryptographic work key (TEK) administrative unit, wherein;
Noise code processing unit, described noise code processing unit is in order to obtain and the noise data in random detection physical noise source;
Local critical data memory protection unit, described local critical data memory protection unit realizes local identity authentication function by the certification key of identity key management unit, obtains storage protection key, local sensitive information is carried out storage protection;
Session encryption key (SEK) administrative unit, described session encryption key (SEK) administrative unit, by carrying out IKE exchange with encryption device, carries out maintenance and management to SEK key between the whole network encryption device;
Group policy key-encrypting key (KEK) administrative unit, the whole network KEK key is updated and manages according to the group policy state of device management module by described group policy key-encrypting key (KEK) administrative unit;
Group policy transmission cryptographic work key (TEK) administrative unit, described group policy transmission cryptographic work key (TEK) administrative unit is according to group policy state and key updating cycle, to TEK key data maintenance and management;
Further, described Communications Processor Module includes safety management communications interface unit, GDOI protocol processing unit and cast communication processing unit, wherein;
Safety management communications interface unit, described safety management communications interface unit is for resolving and process, be collected group policy information the communication protocol of key management module Yu device management module and device management module is carried out command analysis and information reporting;
GDOI protocol processing unit, described GDOI protocol processing unit controls the communication connection between terminal and key management for realizing key management, and according to GDOI agreement to IKE SA, KEK SA and the foundation of TEK SA and maintenance;
Cast communication processing unit, described cast communication processing unit, in order to realize device management module and the communication connection of key management control terminal, carries out multicast distribution to TEK key;
Further, described management module includes cryptogram management center administrative unit and daily record maintenance unit, wherein;
Cryptogram management center administrative unit, described cryptogram management center administrative unit carries out parameter configuration and operational management based on WEB mode unit all kinds of to KMC;
Daily record maintenance unit, described daily record maintenance unit is for collecting the operation information of all kinds of unit of KMC, status information, maintenance information, and forms log recording, for retrieval and inquiry;
Further, described key management controls terminal and includes credit card information input module and PKI distribution module, and it is key management control station that described key management controls terminal;
The present invention proposes Key Management server and the group encryption deployment model of group membership (GM), whole net negotiation mechanism (Group SA) based on GDOI agreement, uses Group The internodal flow of SA encryption and decryption, providing for arbitrary node IP can secure communication.
Accompanying drawing explanation
Fig. 1 is the hardware composition structure chart of management system of the present invention;
Fig. 2 is the topological schematic diagram of large-scale internetwork in global range described in background of invention.
Detailed description of the invention
In order to make the purpose of the present invention, technical scheme and advantage clearer, below in conjunction with drawings and Examples, the present invention is explained in further detail.Should be appreciated that specific embodiment described herein is used only for explaining the present invention, be not intended to limit the present invention.On the contrary, the present invention contains any replacement made in the spirit and scope of the present invention, amendment, equivalent method and scheme being defined by the claims.Further, in order to make the public that the present invention to be had a better understanding, in below the details of the present invention being described, detailed describe some specific detail sections.The description not having these detail sections for a person skilled in the art can also understand the present invention completely.
The invention will be further described with specific embodiment below in conjunction with the accompanying drawings, but not as a limitation of the invention.Below for the most preferred embodiment of enumerating of the present invention:
nullAs Figure 1-Figure 2,The present invention provides a kind of based on large scale network key management system under GDOI agreement,Described management system includes that KMC and key management control terminal,Described KMC is the server apparatus of 2U height,Described server apparatus includes X86-based mainboard、Special PCI-E cipher card、Storage assembly、Network interface card、ID card driver、ID card read write line and power supply,Described KMC is arranged on X86-based mainboard,And it is configured with Usb-KEY on this mainboard,The machine authentication when system boot、The encipherment protection of data storage、And the identity key management of the whole network encryption device,Described KMC connects key management and controls terminal,Described key management controls the identity public key distribution of terminal KMC under the registration and off-line state of cipher machine ID card used by the whole network.
Described KMC includes device management module, algorithm processing module, key management module, Communications Processor Module, local monitoring module and management module.
Described device management module be used for the whole network encryption device management, condition monitoring, the maintenance work of group Password Policy, realizing the management of the whole network identity key, described device management module includes remote status inquiry and monitoring unit, group policy processing unit, identity key management unit.
The inquiry of described remote status and monitoring unit, for collecting and monitor the running status of encryption device, are reported to device management module in time if any abnormal, and described device management module carries out maintenance and management to the encryption device of abnormality.Described group policy processing unit, for realizing the maintenance of group policy information, is supported to increase the encryption device member of group policy and deletion action, and most group policy entries that the whole network is supported are less than 10000, and the member that each group policy is supported is less than 1000.Described identity key management unit includes noting key spoon and certification key, described note key spoon for realize the key parameter of encryption device first be filled with into, described certification key is for realizing local identity authentication function when encryption device starts.
Described algorithm processing module passes through SM2, SM3 and SM4 algorithm process, and described algorithm processing module carries out key information calculating by SM2, SM3 and SM4 algorithm to encryption device, supports the authentication registration of the most most 200 encryption devices.
Described key management module includes noise code processing unit, local critical data memory protection unit, session encryption key (SEK) administrative unit, group policy key-encrypting key (KEK) administrative unit and group policy transmission cryptographic work key (TEK) administrative unit; described noise code processing unit is in order to obtain the noise data in physical noise source; the noise data obtained is carried out randomness detection, it is ensured that the randomness of key the most processed.Described local critical data memory protection unit realizes local identity authentication function by the certification key of identity key management unit, obtains storage protection key, it is achieved the storage protection of local sensitive information.Described session encryption key (SEK) administrative unit is by carrying out IKE exchange with encryption device, it is achieved and the maintenance and management of SEK key between the whole network encryption device, complete the protection of the transmission to KEK data.Described group policy key-encrypting key (KEK) administrative unit is according to the renewal of group policy state-maintenance the whole network KEK key and management, it is achieved the transmission to TEK data is protected.Described group policy transmission cryptographic work key (TEK) administrative unit is according to group policy state and the management of key updating periodic maintenance TEK key data, it is achieved the transmission to group policy data is protected.
Described algorithm processing module connects key management module, by SM2, SM3 and SM4 algorithm, it is achieved the storage protection of local critical data, the whole network session encryption key, group policy key-encrypting key and the maintenance and management of group policy transmission cryptographic work key.
Described Communications Processor Module includes safety management communications interface unit, GDOI protocol processing unit and cast communication processing unit, described Communications Processor Module controls the communication connection of the communication connection of terminal, described device management module and the communication connection of key management control terminal and key management module and described device management module in order to realize described key management module and key management, described Communications Processor Module is externally unified provides GDOI protocol interface, and the distribution of key uses GDOI actualizing.Described safety management communications interface unit resolves and process, the collection of group policy information, device management module command analysis and information reporting for the communication protocol realizing key management module and device management module.Described GDOI protocol processing unit controls the communication connection between terminal and key management for realizing key management, and completes IKE SA, KEK SA and the foundation of TEK SA and maintenance according to GDOI agreement.Described cast communication processing unit, in order to realize device management module and the communication connection of key management control terminal, carries out multicast distribution to TEK key.
Described local monitoring module, for collecting the running status of each unit, checks the integrity of critical data, and abnormality triggers reports to the police.
Described management module includes cryptogram management center administrative unit and daily record maintenance unit, described cryptogram management center administrative unit management based on WEB mode maintenance function, KMC is carried out parameter configuration, operational management, described daily record maintenance unit is for collecting each generic operation information of operation, status information, maintenance information in KMC, and form log recording, it is simple to retrieve and inquire about.
Described key management controls terminal and includes credit card information input module and PKI distribution module, and it is key management control station that described key management controls terminal.
Embodiment described above, the simply one of the present invention more preferably detailed description of the invention, the usual variations and alternatives that those skilled in the art is carried out in the range of technical solution of the present invention all should comprise within the scope of the present invention.

Claims (8)

1., based on a large scale network key management system under GDOI agreement, described management system includes that KMC and key management control terminal, and described KMC connects key management and controls terminal.
Management system the most according to claim 1; it is characterized in that; described KMC is for the machine authentication of described management system, the encipherment protection of data storage and the identity key management of the whole network encryption device, and described key management controls the distribution of the identity public key of terminal KMC under key information input and off-line state.
Management system the most according to claim 2, it is characterised in that described KMC includes device management module, algorithm processing module, key management module, Communications Processor Module, local monitoring module and Integrated Management Module, wherein;
Device management module, described device management module for the whole network encryption device management, condition monitoring and the management of identity key and group Password Policy maintenance;
Algorithm processing module, described algorithm processing module carries out key information calculating by SM2, SM3 and SM4 algorithm to encryption device;
Key management module; described key management module join algorithm processing module, carries out maintenance and management by SM2, SM3 and SM4 algorithm in algorithm processing module to the storage protection of local critical data and to the whole network session encryption key, group policy key-encrypting key and group policy transmission cryptographic work key;
Communications Processor Module, described Communications Processor Module controls the communication connection of terminal, described device management module and key management control terminal and key management module and described device management module in order to realize described key management module and key management, described Communications Processor Module is externally unified provides GDOI protocol interface, and the distribution of key uses GDOI actualizing;
Local monitoring module, described local monitoring module is for collecting device management module, algorithm processing module, key management module, Integrated Management Module and the running status of Communications Processor Module, checking the integrity of critical data, abnormality triggers reports to the police;
Integrated Management Module, device management module, algorithm processing module, key management module, Communications Processor Module and local monitoring module are managed and safeguard based on WEB mode by described Integrated Management Module, and operation information, status information and maintenance information record are formed daily record.
Management system the most according to claim 3, it is characterised in that described device management module includes remote status inquiry and monitoring unit, group policy processing unit and identity key management unit,
Remote status inquiry and monitoring unit, the inquiry of described remote status and monitoring unit are for collecting and monitor the running status of encryption device;
Group policy processing unit, described group policy processing unit, for realizing the maintenance of group policy information, increases and deletion action including to the encryption device member of group policy;
Identity key management unit, described identity key management unit includes noting key spoon and certification key, described note key spoon for key parameter first realizing encryption device be filled with into, described certification key is for realizing local identity authentication function when encryption device starts.
Management system the most according to claim 4; it is characterized in that; described key management module includes noise code processing unit, local critical data memory protection unit, session encryption key (SEK) administrative unit, group policy key-encrypting key (KEK) administrative unit and group policy transmission cryptographic work key (TEK) administrative unit, wherein;
Noise code processing unit, described noise code processing unit is in order to obtain and the noise data in random detection physical noise source;
Local critical data memory protection unit, described local critical data memory protection unit realizes local identity authentication function by the certification key of identity key management unit, obtains storage protection key, local sensitive information is carried out storage protection;
Session encryption key (SEK) administrative unit, described session encryption key (SEK) administrative unit, by carrying out IKE exchange with encryption device, carries out maintenance and management to SEK key between the whole network encryption device;
Group policy key-encrypting key (KEK) administrative unit, the whole network KEK key is updated and manages according to the group policy state of device management module by described group policy key-encrypting key (KEK) administrative unit;
Group policy transmission cryptographic work key (TEK) administrative unit, described group policy transmission cryptographic work key (TEK) administrative unit is according to group policy state and key updating cycle, to TEK key data maintenance and management.
Management system the most according to claim 5, it is characterised in that described Communications Processor Module includes safety management communications interface unit, GDOI protocol processing unit and cast communication processing unit, wherein;
Safety management communications interface unit, described safety management communications interface unit is for resolving and process, be collected group policy information the communication protocol of key management module Yu device management module and device management module is carried out command analysis and information reporting;
GDOI protocol processing unit, described GDOI protocol processing unit controls the communication connection between terminal and key management for realizing key management, and according to GDOI agreement to IKE SA, KEK SA and the foundation of TEK SA and maintenance;
Cast communication processing unit, described cast communication processing unit, in order to realize device management module and the communication connection of key management control terminal, carries out multicast distribution to TEK key.
Management system the most according to claim 6, it is characterised in that described management module includes cryptogram management center administrative unit and daily record maintenance unit, wherein;
Cryptogram management center administrative unit, described cryptogram management center administrative unit carries out parameter configuration and operational management based on WEB mode unit all kinds of to KMC;
Daily record maintenance unit, described daily record maintenance unit is for collecting the operation information of all kinds of unit of KMC, status information, maintenance information, and forms log recording, for retrieval and inquiry.
Management system the most according to claim 7, it is characterised in that described key management controls terminal and includes credit card information input module and PKI distribution module, and it is key management control station that described key management controls terminal.
CN201610405993.XA 2016-06-10 2016-06-10 Large-scale network key management system based on GDOI protocol Pending CN105939354A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610405993.XA CN105939354A (en) 2016-06-10 2016-06-10 Large-scale network key management system based on GDOI protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610405993.XA CN105939354A (en) 2016-06-10 2016-06-10 Large-scale network key management system based on GDOI protocol

Publications (1)

Publication Number Publication Date
CN105939354A true CN105939354A (en) 2016-09-14

Family

ID=57152369

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610405993.XA Pending CN105939354A (en) 2016-06-10 2016-06-10 Large-scale network key management system based on GDOI protocol

Country Status (1)

Country Link
CN (1) CN105939354A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106953873A (en) * 2017-04-19 2017-07-14 讯美科技股份有限公司 A kind of safety management system of encryption device encryption information
CN111835510A (en) * 2020-05-28 2020-10-27 无锡航天江南数据系统科技有限公司 ETC safety management method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080298592A1 (en) * 2007-05-29 2008-12-04 Mohamed Khalid Technique for changing group member reachability information
US20100142711A1 (en) * 2008-12-09 2010-06-10 Brian Weis Group key management re-registration method
CN102447690A (en) * 2010-10-12 2012-05-09 中兴通讯股份有限公司 Key management method and network equipment
WO2016061126A1 (en) * 2014-10-14 2016-04-21 Cisco Technology, Inc. Scalable federated policy for network-provided flow-based performance metrics

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080298592A1 (en) * 2007-05-29 2008-12-04 Mohamed Khalid Technique for changing group member reachability information
US20100142711A1 (en) * 2008-12-09 2010-06-10 Brian Weis Group key management re-registration method
CN102447690A (en) * 2010-10-12 2012-05-09 中兴通讯股份有限公司 Key management method and network equipment
WO2016061126A1 (en) * 2014-10-14 2016-04-21 Cisco Technology, Inc. Scalable federated policy for network-provided flow-based performance metrics

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
卓才华等: ""基于GDOI的国产化加密系统设计与实现"", 《信息网络安全》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106953873A (en) * 2017-04-19 2017-07-14 讯美科技股份有限公司 A kind of safety management system of encryption device encryption information
CN106953873B (en) * 2017-04-19 2020-03-20 讯美科技股份有限公司 Security management system for encrypted information of encryption equipment
CN111835510A (en) * 2020-05-28 2020-10-27 无锡航天江南数据系统科技有限公司 ETC safety management method

Similar Documents

Publication Publication Date Title
CN101094056B (en) Security system of wireless industrial control network, and method for implementing security policy
Choi et al. Efficient secure group communications for SCADA
US20080195740A1 (en) Maintaining session state information in a client server system
Ming et al. An efficient attribute based encryption scheme with revocation for outsourced data sharing control
JP2009515232A (en) Network user authentication system and method
US20070055893A1 (en) Method and system for providing data field encryption and storage
US8583943B2 (en) Method and system for providing data field encryption and storage
CN101467131A (en) Network user authentication system and method
CN101310544A (en) A device and method for tracking usage of content distributed to media devices of a local area network
CN108881240B (en) Member privacy data protection method based on block chain
US8401183B2 (en) Method and system for keying and securely storing data
Buchade et al. Key management for cloud data storage: methods and comparisons
EP2992646B1 (en) Handling of performance monitoring data
Murala et al. Secure dynamic groups data sharing with modified revocable attribute-based encryption in cloud
CN105939353B (en) Safety management and information feedback system based on GDOI protocol
CN105939354A (en) Large-scale network key management system based on GDOI protocol
CN107733881A (en) Digital authenticating system based on data exchange
CN206364833U (en) One kind is based on large scale network key management system under GDOI agreements
Zhu et al. An edge re‐encryption‐based access control mechanism in NDN
Aziz et al. A recent survey on key management schemes in manet
CN114422189A (en) Park security management system and method based on block chain technology
CN206364832U (en) One kind is based on safety management and information feedback system under GDOI agreements
Arcieri et al. A layered IT infrastructure for secure interoperability in Personal Data Registry digital government services
Agrawal et al. Access control framework using dynamic attributes encryption for mobile cloud environment
CN106230856A (en) A kind of System of Industrial Device Controls based on Internet of Things

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160914

RJ01 Rejection of invention patent application after publication