Abstract:
Systems and methods for data loss prevention while preserving privacy include receiving a data communication originating from an online account of a user device associated with the enterprise; performing an analysis to determine that the data communication is a candidate data leakage, based on a context of the data communication; encrypting the data communication, and providing the host-encrypted data communication to a software agent at the enterprise; receiving a software agent-encrypted database of enterprise communication and the host-encrypted data communication, re-encrypted by the software agent; decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; performing a matching operation to determine whether a match exists between the encrypted database and the software agent-encrypted data communication; if the match exists, reporting the match to the software agent; else, the host taking an action.
Abstract:
Systems and methods for security hardening of a file in transit and at rest via segmentation, shuffling and multi-key encryption are presented. The method includes segmenting at a first computer system a file into a plurality of file segments, and encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys. Additionally included is bidirectional data transformation of a file by obfuscating at a first computer system digital values of the file in order to generate corresponding obfuscated digital values of the file, wherein the obfuscated digital values of the file retain their contextual integrity and referential integrity
Abstract:
A method for encryption of a private media package by a first processing device which includes at least three key components of a regret management flag, a rules set, and a media object, encrypting with a first key the regret management flag, encrypting with the first key the rules set, encrypting with the first key the media object(s), obtaining a randomized result key, bit shifting the regret management flag from encrypting with the first key the management flag, via the randomized result key, bit shifting the rules set from encrypting with the first key the rules set, via the randomized key, bit shifting the media object(s) from encrypting with the first key the media object(s), via the randomized key, encrypting with a second key the regret management flag from encrypting and bit shifting the regret management flag, encrypting with the second key the rules set from encrypting and bit shifting the rules set, encrypting with the second key the media object(s) from encrypting and bit shifting the media object(s), storing as an encrypted package the regret management flag of the encrypting with the second key the regret management flag, the rules set of the encrypting with the second key the rules set, and the media object(s) of the encrypting with the second key the media object. Decryption is by reverse of the encryption process, and the resulting decrypted private media package may be used only in compliance with the rules set.
Abstract:
A secure mobile financial transaction is provided by receiving a list of protection methods from an external terminal over a communication network. A matrix of protection methods corresponding to the external terminal is created based on the identified protection methods. Security-related information is received from one or more trust mediator agents over the communication network. Rules corresponding to the received security related information are retrieved, and at least one protection method is selected from the matrix of protection methods based on the retrieved rules. The selected protection method is transmitted to the trust mediator agents for implementation.
Abstract:
A system and method for securing wireless transmissions is provided. A method for transmitting secure messages includes selecting a bin of codewords from a plurality of bins. The bin of codewords contains a plurality of sub-bins of codewords, and the selecting is based on a first message. The method also includes selecting a sub-bin of codewords from the plurality of sub-bins of codewords based on a second message, selecting a codeword from the sub-bin of codewords, and transmitting the selected codeword to a legitimate receiver.
Abstract:
The present invention relates to a method and apparatus for encrypting data (105) by means of a first key (115), and a method and apparatus for decrypting encrypted data by means of a second key (185). The present invention alleviates the need for exact key information by allowing encryption of data (105) by means of a first key (115) and subsequent decryption of the encrypted data by means of a second key (185) without the need for the first key (115), provided that the first key (115) and the second key (185) form a sufficient estimate of an encryption/decryption key pair. During encryption, multiple encryption keys (135), at least in part based on the first key (115), are used to encrypt a redundant representation (122) of the data (105). The encrypted data (124) may subsequently be decrypted by using multiple decryption keys (165) based on the second key (185), without the need for the first key (115), provided that the second key (185) forms a sufficient estimate of the first key (115).
Abstract:
The present invention discloses a technique for provisioning network cryptographic keys to a client when direct physical transfer is not feasible. In an embodiment of the invention, a client token generates a temporary key encrypted with a first secret key known only in a master token database and passes this on to an enterprise network token of a network to which service is requested. The enterprise network token then further encrypts the encrypted temporary key with a second secret key and passes that on to the master token database. Since the second secret key is also known by the master token database, the originally encrypted temporary key can be securely decoded only by a master token coupled to the master token database. The decrypted temporary key can then be re-encrypted with a key known only by the enterprise network token and the master token, and returned to the enterprise network token. This allows the enterprise network token to gain secure access to the temporary key of the client token, thereby allowing the enterprise network token to securely provision the remote client token with the appropriate enterprise Network Keys.