Distributed certification via threshold cryptography is much more secu re than other ways to protect certification authority (CA) 's private key,and c an tolerate some intrusions. As the original system such as IT...Distributed certification via threshold cryptography is much more secu re than other ways to protect certification authority (CA) 's private key,and c an tolerate some intrusions. As the original system such as ITTC,etc.,is unsaf e ,inefficient and impracitcal in actual network environment,this paper brings u p a new distributed certification scheme,which although it generates key shares concentratively,it updates key shares distributedly,and so,avoids single-po in t failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol,but can also change the threshold (t,k) flexibly and robu stly,and so,is much more practical. In this work,the authors implement the prototype sy stem of the new scheme and test and analyze its performance.展开更多
Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed ...Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority( CA)are designed. Compared with some conventional clustering methods for network,the proposed clustering method considers the business information flow of the network and the task of the network nodes,which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service,the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.展开更多
A new buyer-seller watermarking protocol is proposed by applying a double encryption method and a novel mechanism of embedding a buyer's watermark. The protocol can effectively prevent against collusion attacks and t...A new buyer-seller watermarking protocol is proposed by applying a double encryption method and a novel mechanism of embedding a buyer's watermark. The protocol can effectively prevent against collusion attacks and the man in the middle attack if the third party is not trusted. Also, based on the proposed scheme for the first-hand transaction, a new buyer-reseller watermarking protocol and a formal multi-party watermarking protocol are also proposed. The proposed buyer-resell watermarking protocol only needs the original seller to provide transfer certificate and encryption-decryption service to support the second-hand transaction, and the multi-party watermarking protocol with distributed certificate authorities can overcome the difficulty in the combination of multicast mechanism with multiple unique watermarks and allow a seller to multicast the watermarked digital contents and key transaction information to n buyers. Furthermore, the idea of zero knowledge proof is also applied into the proposed scheme to allow the seller to take an effective control on the task performed by the third party.展开更多
文摘Distributed certification via threshold cryptography is much more secu re than other ways to protect certification authority (CA) 's private key,and c an tolerate some intrusions. As the original system such as ITTC,etc.,is unsaf e ,inefficient and impracitcal in actual network environment,this paper brings u p a new distributed certification scheme,which although it generates key shares concentratively,it updates key shares distributedly,and so,avoids single-po in t failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol,but can also change the threshold (t,k) flexibly and robu stly,and so,is much more practical. In this work,the authors implement the prototype sy stem of the new scheme and test and analyze its performance.
基金National Natural Science Foundation of China(No.61271152)Natural Science Foundation of Hebei Province,China(No.F2012506008)the Original Innovation Foundation of Ordnance Engineering College,China(No.YSCX0903)
文摘Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority( CA)are designed. Compared with some conventional clustering methods for network,the proposed clustering method considers the business information flow of the network and the task of the network nodes,which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service,the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.
基金Internation al S&T Cooperation Project from National Ministry of Science and Technology(2006D FA73180)Research Fund for the Doc toral Program of Higher Education of China (20060497005).
文摘A new buyer-seller watermarking protocol is proposed by applying a double encryption method and a novel mechanism of embedding a buyer's watermark. The protocol can effectively prevent against collusion attacks and the man in the middle attack if the third party is not trusted. Also, based on the proposed scheme for the first-hand transaction, a new buyer-reseller watermarking protocol and a formal multi-party watermarking protocol are also proposed. The proposed buyer-resell watermarking protocol only needs the original seller to provide transfer certificate and encryption-decryption service to support the second-hand transaction, and the multi-party watermarking protocol with distributed certificate authorities can overcome the difficulty in the combination of multicast mechanism with multiple unique watermarks and allow a seller to multicast the watermarked digital contents and key transaction information to n buyers. Furthermore, the idea of zero knowledge proof is also applied into the proposed scheme to allow the seller to take an effective control on the task performed by the third party.
