县市级电视台数字电视条件接收原理及实现方案

本文在分析数字电视条件接收系统基本理论和条件接收系统基本原理基础上,重点研究了数字电视条件接收系统机顶盒上的实现问题,并分别从系统对于数字电视机顶盒的要求、CAS方案选择及移植等方面进行了深入阐述。     

利用智能卡实现刷卡安全支付模型研究

为了保障银行卡刷卡交易安全,文章首先简要地介绍智能卡技术,并利用智能卡安全特性提出使用智能卡实现刷卡安全支付模型,然后利用Java卡对本模型身份认证过程进行模拟实现.     

对象轮播协议分析及在接收系统中的解析方案

详细介绍了数据广播协议栈架构及OC协议在架构中的位置,论述了如何采用DVB-C协议中的OC协议等对数据进行分割以便在信道中传输。针对传统有线电视网络,提出了在接收终端对数据进行解析的软件方案,实现了在数字机顶盒中对cable中传输的数据服务信息进行抽取、解析的功能。该方案已通过嵌入式系统及软件的具体实施,证明是切实可行的。     

基于智能卡的指纹识别身份认证

先简要的介绍智能卡及指纹识别技术,在智能卡中引进指纹识别技术,取代传统的以口令为形式的身份认证.先介绍智能卡和指纹识别系统的组成,然后通过分析卡上资源,指出智能卡为资源受限系统,指纹识别技术应用于智能卡时需注意的问题及其相应策略.     

基于JAAS和智能卡的通用身份认证模块的实现

本文分析了如何在JAAS和OCF框架下，将身份认证模块和业务逻缉分离，并使用智能卡实现通用身份认证模块的原理和一种实现方式。     

基于CPU智能卡技术的加油机系统设计

由于M1智能卡存在着被主制和破解的风险,而且从理论上得到验证;燃油税的实施,税控对其要求也迅速提高。因此,原来广泛使用的一卡通类型自助加油终端,必然要对卡片和终端机进行升级来解决安全问题。本文从实践出发,对基于CPU智能加油机系统的进行了比较详细的设计。主要内容包括：（1）卡片的选择。（2）终端机硬件部分设计。由于工作环境复杂,终端机的主要技术要求是安全性和稳定性,通过选择合适终端机主板、机箱、显示器等硬件和供电模块的设计,确保终端机的安全性和稳定性。（3）智能卡身份认证的实现。详细叙述了在Linux环境下,通过PAM接口模块,使用智能卡进行身份认证的方法。（4）在线交易的实现。包括网络连接的实现和交易数字签名的实现以及系统与公证机构连接的方法,从实质上对交易进行公证,避免税收风险。     

基于手机智能卡DRM系统的设计与实现

本文采用OMA DRM标准,以PKI安全体系为基础,采用HTTP和ROAP作为传输协议,设计出一个在手机上使用的,基于智能卡的数字版权保护系统.用户通过使用该系统,可以在手机上有偿地使用各种数字资源,随时随地享受网络带来的方便与快捷.     

基于串空间理论的Kerberos协议安全性分析

在对串空间理论和Kerberos协议进行深入研究的基础上,采用串空间理论模型对Kerberos协议进行了安全性分析.分析的过程和结果证明,Kerberos协议满足串空间理论的认证性和服务器串随机数的秘密性,但不能保证发起者串随机数的秘密性,因此Kerberos协议能实现安全认证功能,但存在口令猜测攻击.针对此问题,对Kerberos协议进行改进,改进后的协议满足发起者串随机数秘密性,增强了抗口令猜测攻击的能力.     

基于USBKEY的身份认证系统的设计

USBKey身份认证技术是一种快捷、方便、安全的身份认证技术。USBKey身份认证技术结合了智能卡技术、USB技术、现代密码学技术的一种新型身份识别技术。本研究在分析了进行USBKey身份认证技术研究的必要性的基础上,对身份认证进行简要的介绍,并提出USBKey身份认证系统的设计方案。     

椭圆曲线密码在电子商务现金系统中的应用研究

针对现有电子现金系统的不足，提出了一类基于椭圆曲线密码的离线电子现金方案．方案中自动更新的现金数据库可以删除过期的电子现金，避免了银行现金数据库可能无限增大的问题；在通信会话协议中，同时实现了签名、认证、加密传输和数据恢复，签名与认证的协议过程同时也是加密通信的过程，减化了常规的密码协议过程．与已有的方案相比，方案中协议与算法简洁、高效，在安全强度不变的条件下，降低了软硬件实现的系统开销，可广泛应用于电子商务等网络业务环境。     

Secure Internet access to gateway using secure socket layer

The Internet is the most widely used medium to access remote sites. Data sent and received using transmission control protocol/Internet Protocol (TCP/IP) is in plain text format and can be accessed and tampered with quite easily and, hence, provides no data security. This is the case especially if the data are confidential and access to the gateway server has to be strictly controlled, although there are several protocols and mechanisms that have been thoroughly scrutinized to tackle these problems. This paper also intends to provide a model that uses secure socket layer (SSL) to provide a secure channel between client and gateway server. A smart card will be used for client authentication and encryption/decryption of the data.     

Secure Multifactor Remote Access User Authentication Framework for IoT Networks

The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model check using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed are analyzed. The security and performance analysis show that our protocol is secure and efficient.     

一种基于UPT卡的UPT接入方案

就ＵＰＴ系统中现行鉴权机制存在的一些安全问题提出了具体的弥补措施。通过对ＵＰＴ接入设备需求的分析，引入ＵＰＴ 并给出了基于ＵＰＴ卡的两种鉴权方式，讨论了它们各自的特点和不同的适用环境，此外，还详细给出了一种基于ＵＰＴ卡的接入设备实现方案。     

A Lightweight Three-Factor User Authentication Protocol for the Information Perception of IoT

With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.     

A security enhanced mutual authentication scheme based on nonce and smart cards

There are many mutual authentication schemes proposed in the literature for preventing unauthorized parties from accessing resources in an insecure environment. However, most of them based on smart cards have assumed a tamper resistant condition for the smart card. To solve the problem, Huang, Liu, and Chen (2013) proposed a mutual authentication scheme based on nonce and smart cards and claimed that the adversary was not able to attack and access the system even if he could extract the data stored in the smart card. Unfortunately, in this paper, we will demonstrate that Huang et al.’s scheme is vulnerable to the offline password guessing attack and the privileged insider attack. We also propose an improved scheme to overcome the weaknesses.     

Efficient Joint Key Authentication Model in E-Healthcare

Many patients have begun to use mobile applications to handle different health needs because they can better access high-speed Internet and smartphones. These devices and mobile applications are now increasingly used and integrated through the medical Internet of Things (mIoT). mIoT is an important part of the digital transformation of healthcare, because it can introduce new business models and allow efficiency improvements, cost control and improve patient experience. In the mIoT system, when migrating from traditional medical services to electronic medical services, patient protection and privacy are the priorities of each stakeholder. Therefore, it is recommended to use different user authentication and authorization methods to improve security and privacy. In this paper, our prosed model involves a shared identity verification process with different situations in the e-health system. We aim to reduce the strict and formal specification of the joint key authentication model. We use the AVISPA tool to verify through the well-known HLPSL specification language to develop user authentication and smart card use cases in a user-friendly environment. Our model has economic and strategic advantages for healthcare organizations and healthcare workers. The medical staff can increase their knowledge and ability to analyze medical data more easily. Our model can continuously track health indicators to automatically manage treatments and monitor health data in real time. Further, it can help customers prevent chronic diseases with the enhanced cognitive functions support. The necessity for efficient identity verification in e-health care is even more crucial for cognitive mitigation because we increasingly rely on mIoT systems.     

Design and verification of a non-repudiation protocol based on receiver-side smart card

All the existing non-repudiation protocols ensuring strong fairness have to assume that the communication channel between trusted third party (TTP) and each player is resilient at least. Where only unreliable channel can be guaranteed, all these protocols become impractical. In this study, based on smart card on the receiver side, the authors design a fair non-repudiation protocol that needs no assumptions on the communication channel. The smart card takes over the role of an online TTP server. Without a dedicated TTP server, this protocol is ideal for some ad hoc scenarios where no infrastructure is available. This protocol can also be easily modified to support fair exchange of time-sensitive data. Compared with other traditional security protocols, automatic formal verification of fair non-repudiation protocols is much harder to achieve. The authors use meta-reasoning method to prove that the fair exchange property of this protocol can be reduced to three secrecy properties that fall into the scope of today's most automatic verification tools and therefore can be easily verified. The authors also use a recently proposed automatic method to verify the non-repudiation properties and fairness property of our protocol.     

Lattice-Based Authentication Scheme to Prevent Quantum Attack in Public Cloud Environment

Public cloud computing provides a variety of services to consumers via high-speed internet. The consumer can access these services anytime and anywhere on a balanced service cost. Many traditional authentication protocols are proposed to secure public cloud computing. However, the rapid development of high-speed internet and organizations’ race to develop quantum computers is a nightmare for existing authentication schemes. These traditional authentication protocols are based on factorization or discrete logarithm problems. As a result, traditional authentication protocols are vulnerable in the quantum computing era. Therefore, in this article, we have proposed an authentication protocol based on the lattice technique for public cloud computing to resist quantum attacks and prevent all known traditional security attacks. The proposed lattice-based authentication protocol is provably secure under the Real-Or-Random (ROR) model. At the same time, the result obtained during the experiments proved that our protocol is lightweight compared to the existing lattice-based authentication protocols, as listed in the performance analysis section. The comparative analysis shows that the protocol is suitable for practical implementation in a quantum-based environment.     

Yesterday’s dreams and today’s reality in telecommunications

Twenty-five years ago the telecommunications industry had its vision of the future. There were three dreams that, given the right technology, they could achieve: (1) the Dick Tracy wristwatch phone; (2) the Picturephone; and (3) the set-top box for the home television which could access an information store maintained by the telephone company. None of these dreams turned out as planned, but it is interesting to compare the original concepts with what has actually transpired in the last quarter-century. Today, having achieved some form of each of these three dreams, it seems as if, looking ahead to tomorrow’s technology, the industry has no similar vision.     

Multi-Factor Password-Authenticated Key Exchange via Pythia PRF Service

Multi-factor authentication (MFA) was proposed by Pointcheval et al. [Pointcheval and Zimmer (2008)] to improve the security of single-factor (and two-factor) authentication. As the backbone of multi-factor authentication, biometric data are widely observed. Especially, how to keep the privacy of biometric at the password database without impairing efficiency is still an open question. Using the vulnerability of encryption (or hash) algorithms, the attacker can still launch offline brute-force attacks on encrypted (or hashed) biometric data. To address the potential risk of biometric disclosure at the password database, in this paper, we propose a novel efficient and secure MFA key exchange (later denoted as MFAKE) protocol leveraging the Pythia PRF service and password-to-random (or PTR) protocol. Armed with the PTR protocol, a master password pwd can be translated by the user into independent pseudorandom passwords (or rwd) for each user account with the help of device (e.g., smart phone). Meanwhile, using the Pythia PRF service, the password database can avoid leakage of the local user’s password and biometric data. This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.