A safe and reliable application system frame based on Internet and Intranet for Stock Supervision and Administration Council of China is built up. An all sided, multi tier and multi technical security method has be...A safe and reliable application system frame based on Internet and Intranet for Stock Supervision and Administration Council of China is built up. An all sided, multi tier and multi technical security method has been adopted, which includes identity recognition, data encryption, digital signature, Domino and WWW servers, access control list, directory service, certificate authorization server, IC card and so on. The recognition system based on CA server is a high efficient, convenient and reliable system. The encryption technology and security method are proved to be reliable. The recognition system is of high security and is worthy of being popularized in some places where some special security requirements need meeting. Multi tier technology can improve the security of database. Double keys method is a useful data encryption method.展开更多
In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature sche...In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper,we applied Dodis,et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.展开更多
Security has been regarded as one of the hardest problems in the development of cloud computing. This paper proposes an AllianceAuthentication protocol among Hybrid Clouds that include multiple private clouds and/or p...Security has been regarded as one of the hardest problems in the development of cloud computing. This paper proposes an AllianceAuthentication protocol among Hybrid Clouds that include multiple private clouds and/or public clouds. Mu tual authentication protocol among entities in the IntraCloud and InterCloud is proposed. Blind signature and bilinear mapping of automorphism groups are adopted to achieve the InterCloud Alli anceAuthentication, which overcome the complexi ty of certificate transmission and the problem of communication bottlenecks that happen in tradi tional certificatebased scheme. Blind key, instead of private key, is adopted for register, which avoids展开更多
Due to the compromise of the security of the underlying system or machine stonng the key, exposure of the private key can be a devastating attack on a cryptosystem. Key insulation is an important technique to protect ...Due to the compromise of the security of the underlying system or machine stonng the key, exposure of the private key can be a devastating attack on a cryptosystem. Key insulation is an important technique to protect private keys. To deal with the private (signing) key exposure problem in identity-based signature systems, we propose an identity-based threshold key-insulated signature (IBTKIS) scheme. It strengthens the security and flexibility of existing identity-based key-insulated signature schemes. Our scheme' s security is proven in the random oracle model and rests on the hardness of the computational Diffie-Helhnan problem in groups equipped with a pairing. To the best of our knowledge, it is the first IBTKIS scheme up to now.展开更多
A Verifiably Encrypted Signature (VES) plays an essential role in the construction of a fair data exchange. The paper proposes an Identity-based Proxy Verifiably Encrypted Signature (IPVES) to combine the advantages o...A Verifiably Encrypted Signature (VES) plays an essential role in the construction of a fair data exchange. The paper proposes an Identity-based Proxy Verifiably Encrypted Signature (IPVES) to combine the advantages of a proxy signature and a VES in order to delegate the signing capability of the VES of an entity called the original signer to another entity, called the proxy signer. In this IPVES scheme, the original signer delegates his/her signing capability to the proxy signer. The proxy signer issues a signature by using a proxy signing key, encrypts the signature under a designated public key, and subsequently convinces a verifier that the resulting ciphertext contains such a signature. We prove that the proposed IPVES scheme is secure in a random oracle model under the computational Diffie-Hellman assumption.展开更多
文摘A safe and reliable application system frame based on Internet and Intranet for Stock Supervision and Administration Council of China is built up. An all sided, multi tier and multi technical security method has been adopted, which includes identity recognition, data encryption, digital signature, Domino and WWW servers, access control list, directory service, certificate authorization server, IC card and so on. The recognition system based on CA server is a high efficient, convenient and reliable system. The encryption technology and security method are proved to be reliable. The recognition system is of high security and is worthy of being popularized in some places where some special security requirements need meeting. Multi tier technology can improve the security of database. Double keys method is a useful data encryption method.
基金Supported by the National Natural Science Foundation of China (No. 60573032, 60773092, 90604036, 60873229, 60903178, 60672072, 60832003)Zhejiang Provincial Natural Science Foundation of China (No. Y106505)
文摘In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper,we applied Dodis,et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.
基金the National Natural Science Foundation of China,the Innovation Group Project of Beijing Institute of Technology
文摘Security has been regarded as one of the hardest problems in the development of cloud computing. This paper proposes an AllianceAuthentication protocol among Hybrid Clouds that include multiple private clouds and/or public clouds. Mu tual authentication protocol among entities in the IntraCloud and InterCloud is proposed. Blind signature and bilinear mapping of automorphism groups are adopted to achieve the InterCloud Alli anceAuthentication, which overcome the complexi ty of certificate transmission and the problem of communication bottlenecks that happen in tradi tional certificatebased scheme. Blind key, instead of private key, is adopted for register, which avoids
基金Supported by the National Natural Science Foundation of China (No. 60970111, 61133014, 60903189, 60903020).
文摘Due to the compromise of the security of the underlying system or machine stonng the key, exposure of the private key can be a devastating attack on a cryptosystem. Key insulation is an important technique to protect private keys. To deal with the private (signing) key exposure problem in identity-based signature systems, we propose an identity-based threshold key-insulated signature (IBTKIS) scheme. It strengthens the security and flexibility of existing identity-based key-insulated signature schemes. Our scheme' s security is proven in the random oracle model and rests on the hardness of the computational Diffie-Helhnan problem in groups equipped with a pairing. To the best of our knowledge, it is the first IBTKIS scheme up to now.
基金supported partially by the Projects of National Natural Science Foundation of China under Grants No.61272501 the National Key Basic Research Program (NK-BRP)(973 program)under Grant No.2012CB315900 the Specialized Research Fund for the Doctoral Program of Higher Education under Grant No.20091102110004
文摘A Verifiably Encrypted Signature (VES) plays an essential role in the construction of a fair data exchange. The paper proposes an Identity-based Proxy Verifiably Encrypted Signature (IPVES) to combine the advantages of a proxy signature and a VES in order to delegate the signing capability of the VES of an entity called the original signer to another entity, called the proxy signer. In this IPVES scheme, the original signer delegates his/her signing capability to the proxy signer. The proxy signer issues a signature by using a proxy signing key, encrypts the signature under a designated public key, and subsequently convinces a verifier that the resulting ciphertext contains such a signature. We prove that the proposed IPVES scheme is secure in a random oracle model under the computational Diffie-Hellman assumption.