Arrangements for secret or secure communication (H04L9)

Method for forming key of encryption/decryption // 2642806
FIELD: physics. SUBSTANCE: the method is carried out by forming the confidential key of the key distribution center on the basis of a random-number sensor, by selecting random coefficients of the symmetric polynomials {f_i(x1, x2)} over the field GF(2^64); the personal confidential key of user A is produced as the set of polynomials {g_{A,i}(x)} obtained by substituting the identifier Y_A into the polynomials {f_i(x1, x2)} in place of one of the arguments: g_{A,i}(x) = f_i(x, Y_A) = f_i(Y_A, x) mod 2^64; the session key K_AB is obtained by evaluating the personal confidential key {g_{A,i}(x)} at the correspondent's identifier: K_{AB,i} = g_{A,i}(Y_B) mod 2^64, while the session key of length n bits is the concatenation of the values of the polynomials over the field GF(2^64), K_AB = K_{AB,0} || K_{AB,1} || … || K_{AB,r-1}, i.e. it can be calculated using the formula K_AB = K_{AB,0} + K_{AB,1}·(2^64) + K_{AB,2}·(2^64)^2 + … + K_{AB,r-1}·(2^64)^(r-1). EFFECT: reducing the time required to complete the procedures for obtaining personal and session keys. 1 cl

Method of digital clock synchronization // 2640731
FIELD: radio engineering, communication. SUBSTANCE: based on the signals at the demodulator output, the phases of the fronts of the received binary parcels are determined and their values are converted into digital form; a distribution histogram of the phases of the binary parcel fronts is constructed from the last n phases of the binary parcel fronts. Then, in a sliding window of length k of successive parcel front phases, the area under the distribution histogram is counted, taking into account the cyclic numbering of the phase readings of the binary parcel fronts. The obtained values of the areas under the histogram are compared with each other and the position of the sliding window is chosen such that the maximum value of the area under the distribution histogram is achieved; the estimate of the phase of undistorted binary parcel fronts is taken as the mean value of the phases of the binary parcel fronts in the sliding window of length k of successive parcel front phases with the maximum area under the distribution histogram. In this case, a decision is made about the presence of a signal in the communication channel when the distribution histogram of the phases of the binary parcel fronts is unimodal, or about its absence otherwise. The length k of the window of successive binary parcel front phases is selected depending on the magnitude of the dispersion of the phase distribution of the binary parcel fronts. EFFECT: increase in the accuracy and effectiveness of establishing the digital clock signals. 4 cl, 1 dwg

Efficient network level for IPv6 protocol // 2640726
FIELD: radio engineering, communication. SUBSTANCE: an electronic wireless device includes a network interface that allows the electronic device to communicate wirelessly with other electronic devices, and a processor that defines at least one data path to other electronic devices using the routing mechanism of the Routing Information Protocol next generation (RIPng). After identifying at least one data path to other electronic devices, the processor can determine whether the identified data path(s) is (are) secure, using the Datagram Transport Layer Security (DTLS) protocol. If the identified data path(s) is (are) secure, the processor can send the Internet Protocol version 6 (IPv6) data packet to other electronic devices via the secure data path(s). EFFECT: enabling wireless communication of an electronic device with another electronic device through a wireless mesh network. 21 cl, 12 dwg

Method and server for executing authorization of application on electronic device // 2638779
FIELD: information technology. SUBSTANCE: the authorization method applies to the execution of an application on an electronic device; the electronic device is connected to the server through a data network and is associated with a device environment. The method consists of the steps of: transmitting to the electronic device a static marker and a dynamic marker, where the static marker includes the user credentials for authorising the electronic device and the dynamic marker is used for authorization of the device environment; receiving from the electronic device an authorization request to execute the application; transmitting to the electronic device a request to verify the static marker using the user credentials from the electronic device; confirming the static marker by obtaining and verifying the user credentials; transmitting to the electronic device a request for confirmation of the dynamic marker; and, in response to both the static marker and the dynamic marker being verified, authorising the electronic device to execute the application. EFFECT: authorization of the application environment on the electronic device. 23 cl, 5 dwg

Aircraft information verification in response to compromised digital certificate // 2638736
FIELD: aviation. SUBSTANCE: a method of data verification for use in an aircraft is disclosed. According to this method: a plurality of digital certificates related to the mentioned data is received by means of the processing unit; for every digital certificate of the noted plurality it is verified that the party which issued the digital certificate is on the admissible certification authority list in the processing system on board the aircraft; it is determined by means of the processing unit whether a certificate from the noted plurality is compromised; a selected subset of the noted plurality of digital certificates is chosen by means of the processing unit in response to the determination that the mentioned certificate from the noted plurality is compromised. The selected subset is determined with reference to a quorum principle, which is selected from the quorum principles on the basis of the number of aircraft systems where the noted data will be used and of the aircraft location at the moment of data loading; and the noted data is verified by means of the processing unit for use in the aircraft using the noted selected subset and the noted plurality of digital certificates. The data verification for use in the aircraft, during which the selected subset of the noted plurality of digital certificates is used, comprises determining whether at least a set number of the certificates in the selected subset are valid; and the set number is determined with reference to a quorum principle composed of one or more of the following: the quorum principles for the aircraft operator; the quorum principles for the provider of the aircraft maintenance operation; the quorum principles for the aircraft type; the quorum principles for the aircraft system where the noted data will be used; the quorum principles for the number of aircraft systems where the noted data will be used; and the quorum principle used when it is known or suspected that the certification authority is compromised. EFFECT: enhancement of flight safety. 10 cl, 8 dwg

Encoder, decoder and method for encoding and encrypting input data // 2638639
FIELD: physics. SUBSTANCE: at least a first data unit of the input data is encoded, thereby forming a first encoded data unit. The first encoded data unit is then encrypted using at least one key to obtain a first encrypted and encoded data unit, which is included in the encoded and encrypted data. A first initial value for use in encrypting the next encoded unit is also generated, to obtain the next encoded and encrypted data unit, which is included in the encoded and encrypted data. Further, the next initial value is generated for use in encrypting the subsequent encoded data unit, and so on sequentially and repeatedly until all data units of the input data are encoded and encrypted as encoded and encrypted data. EFFECT: extending the range of technical facilities of data coding. 42 cl, 5 dwg

Command and logic of providing functional capabilities of cipher protected hashing cycle // 2637463
FIELD: information technology. SUBSTANCE: a processor for providing functional capabilities of a cipher protected hashing cycle includes a decoding stage for decoding a first command for executing a cipher protected hashing algorithm using the triple data encryption standard (TDES), where the first command indicates the source data and one or more key operands, and one or more hardware execution units configured, in response to the decoded first command, to execute a primary exchange over the source data to generate exchanged source data, to execute one or more cyclic iterations of the cipher protected hashing algorithm over the exchanged source data using the one or more key operands to generate encrypted data, where the number of cyclic iterations is less than 16, as indicated by the first command, to execute a reverse primary exchange over the encrypted exchanged data, and to save the execution result of the first command in the recipient register, where the first command indicates the recipient register with a single instruction, multiple data (SIMD) recipient register operand. EFFECT: providing functional capabilities of a cipher protected hashing cycle. 27 cl, 27 dwg

Method of message secure exchange organization // 2636694
FIELD: radio engineering, communication. SUBSTANCE: a method of organizing secure message exchange is proposed for performing a transaction between a terminal and a microprocessor card with a payment application stored in its memory, in which the chain of certificates from the noted terminal is checked by the noted payment application; on a positive result of the verification of the noted chain of certificates, dynamic mutual authentication of the noted terminal and card is performed; on a positive result of the noted dynamic authentication, secure message exchange keys are calculated in the noted payment application. EFFECT: increased security of the message exchange channel between the microprocessor card with the payment application and the terminal. 4 cl, 5 dwg

Method of hidden transferring digital information // 2636690
FIELD: physics. SUBSTANCE: the method is carried out by preliminarily forming a coding table for converting the signal elements of the information container, in which, for the range of all possible values of the information container signal, the number of ones in its binary representation is determined; these signal values are grouped by the number of ones in their binary representation, and these groups are arranged in ascending order of the number of ones within the range of acceptable values of the signal elements of the transmitted image messages; then, in each group, for each value of the information container signal whose number of ones in its binary representation does not correspond to this group, the closest value with the number of ones corresponding to this group is determined, and from the results obtained the signal value of the transmitted information message is formed. EFFECT: providing hidden transmission of digital information. 2 cl, 7 dwg

Method, device and system of administration communication control between account and device // 2636524
FIELD: information technology. SUBSTANCE: the method of controlling the administration communication between an account and a target intelligent device includes: receiving a device binding request transmitted from a first terminal, the device binding request comprising the target intelligent device identifier broadcast from the target intelligent device and a first account identifier corresponding to the account authenticated in the first terminal; determining a second account identifier corresponding to the main administration account associated with the target intelligent device; transmitting a binding request message to a second terminal in which the account corresponding to the second account identifier is authenticated, the binding request message including the first account identifier and the device identifier; and registering the account corresponding to the first account identifier as a secondary administration account for the target intelligent device if a first acknowledgment message corresponding to the binding request message is received from the second terminal. EFFECT: increase in the effectiveness of establishing administration communication between the device and the accounts. 12 cl, 11 dwg

Method and device for processing surveillance video data // 2636127
FIELD: physics. SUBSTANCE: the method for processing surveillance video data includes receiving a request from a user account for viewing a surveillance video file. The view request contains authorization information for the user account; the user is authenticated according to the user account in accordance with the authorization information, and the user is allowed to view the surveillance video file using the user account once authenticated. The method includes encrypting the surveillance video file based on a file key, where the file key is the user password of the camera owner account that captures the surveillance video file, and the authorization information comprises the user name and the user account password; the said permission to view the surveillance video file once authentication is passed includes decrypting the surveillance video file using the user password of the camera owner account that captures the surveillance video, when it is determined on the basis of the authorization information that the user account is the camera owner account which captures the surveillance video, and outputting the decrypted surveillance video on the display. EFFECT: ensuring effective protection of the user's confidential information. 7 cl, 17 dwg

Using general key networking device and its configuration // 2636109
FIELD: information technology. SUBSTANCE: the method for configuring a network device for using a shared key comprises the steps of: receiving at least two sets of parameters in electronic form, each set of parameters comprising a private modulus (p1), a public modulus (N), and a two-dimensional polynomial (f1) having integer coefficients, where the binary representation of the public modulus and the binary representation of the private modulus are the same in a run of consecutive bits having at least the key length (b); generating local key material for the network device, the generating step comprising the steps of obtaining an identification number (A) for the network device and, for each set of parameters from the at least two sets of parameters, obtaining the corresponding one-dimensional polynomial by determining, using a polynomial manipulation device, the one-dimensional polynomial from the two-dimensional polynomial of the parameter set by substituting the identification number into the said two-dimensional polynomial and reducing the result of the substitution modulo the private modulus of the parameter set; and electronically storing on the network device the generated local key material, containing the public modulus of each set of parameters and the corresponding one-dimensional polynomial for each set of parameters. EFFECT: ensuring effective network security. 17 cl, 6 dwg

Key formation depending on parameter // 2636105
FIELD: information technology. SUBSTANCE: the method for controlling access to one or more computing resources of a computing resource provider comprises: receiving, under the control of one or more computer systems operating on the basis of executable instructions, a delegation request from a first entity, the fulfilment of which includes permitting a second entity to gain access to the computing resource; generating a session key based, at least in part, on the restriction and on a secret credential shared with the first entity; providing the session key to the first entity; and receiving an access request from the second entity to access the computing resource. The access request includes the session key provided to the first entity; the access request is confirmed based, at least in part, on the session key contained in the access request; and the second entity is allowed to access the computing resource. EFFECT: effective control of the security of computing resources. 20 cl, 24 dwg

Complex of hardware and software creating protected cloud environment with autonomous full-function logical control infrastructure with biometric-neural network identification of users and with audit of connected hardware // 2635269
FIELD: information technology. SUBSTANCE: the complex of hardware and software that creates a protected cloud environment with an autonomous full-function logical control infrastructure, with biometric-neural network user identification and with an audit of the connected hardware, contains server and network equipment, an administrator workstation, a large data storage, a secure access point, a security module, a trust module, a biometric-neural network computing module, and a mobile PC providing protection from theft and unauthorized access. EFFECT: increase in the information security of cloud services. 8 cl, 2 dwg

Method for constructing replacement nodes using values of line and difference spectra and device implementing it // 2633132
FIELD: physics. SUBSTANCE: a device for constructing replacement nodes is proposed, consisting of a mode selection unit, a cryptographic parameter calculating unit, a unit for calculating the values of the target vector function, a control unit, a transformation generating unit, a unit for multiplying the replacement node by the transformation, and a random access memory. EFFECT: construction, with reasonable labour intensity, of a large number of affine-non-equivalent replacement nodes with high values of the main cryptographic parameters from random mappings or known nodes. 3 cl, 5 dwg

Authentication of operations using network // 2633124
FIELD: information technology. SUBSTANCE: the method for authenticating the consumer and the consumer's portable device comprises the following stages: performing the authentication process for the consumer, where the consumer uses the consumer's portable device to perform the operation; and performing the authentication process for the consumer's portable device. Performing the authentication process for the consumer's portable device comprises verifying the identification mark or the dynamic verification value associated with the consumer's portable device, and performing a risk analysis after the consumer authentication and the authentication of the consumer's portable device have been performed. The risk analysis determines whether the operation is subject to authorization. EFFECT: authentication of the user's portable device. 16 cl, 15 dwg, 1 tbl

Computer system with remote control by server and device for creating trusted environment and method for implementation of remote control // 2633098
FIELD: information technology. SUBSTANCE: the system includes a trusted environment creation device installed on the server, with a remote control module and a remote multifactor mutual authentication module, and a trusted environment creation device with a remote multifactor mutual authentication module and a remote administration module installed on the administrator workstation, wherein the server and the administrator workstation are provided with trusted connection modules, which form a communication channel between the computer and the server with transparent encryption of network traffic and include a VPN server and a VPN client, respectively. EFFECT: increasing the effectiveness of protecting computers from unauthorized actions and providing protection against unauthorized access to information processed and stored in computer information systems; simplifying operations by centralizing control while enabling remote control and remote access to distributed network resources. 3 cl, 3 dwg

Method of block encryption with private key // 2631981
FIELD: physics. SUBSTANCE: the method of block encryption with a private key includes partitioning the message in the transmitter into a set of separate k-bit data blocks, N in number (N≥2); initializing the private key before sending the message (when i=0) in the transmitter and the receiver with the same value of the private key; forming subkey sequences from the private key, followed by encryption in the transmitter of the corresponding transmitted data blocks with them; block-by-block transmission of the generated data in the communication channel and subsequent decryption of the transmitted data blocks at the receiver with the mentioned subkeys, including their various modifications. First, a service information block that contains the modifier of the (i+1)-th closed subkey is attached to the i-th data block in the transmitter, then the data block and the service information are encrypted with the i-th subkey of the plurality of subkeys, then the control bits are formed and added to the i-th transmitted block, and the i-th block with the control bits is sent to the receiver, where the correctness of the i-th received block is checked by the control bits; then the i-th received block is decrypted with the i-th closed subkey and separated into the i-th data block and the i-th service information block, and the value of the next (i+1)-th closed subkey is formed from the i-th subkey and the (i+1)-th modifier so that the next (i+1)-th block can be decrypted with it in the receiver; moreover, after transmitting, receiving and checking the correctness of each i-th transmitted block, a new value of the closed subkey from the plurality of subkeys of the private encryption key is set synchronously in the transmitter and the receiver, then the transmission of the next (i+1)-th data block with the (i+2)-th private subkey modifier is resumed in the transmitter, and the received message is formed in the receiver from the correctly received data blocks. The data blocks are mixed with blocks containing random numbers in the transmitter, then, after encryption, the blocks are transmitted at different frequencies, wherein a block number is transmitted in the service information block, which indicates whether the block contains random numbers, as well as the code specifying the transmission frequency for the next block; the blocks are received at different frequencies in the receiver, and after decryption the blocks containing random numbers are separated from the blocks containing the data, the data blocks are ordered by number, and the message is formed from them; the receiver generates a receipt for each correctly received data block and transmits it by radio to the transmitter. EFFECT: increased crypticity. 3 cl, 3 dwg

Device for forming signals with four-position manipulation // 2631149
FIELD: radio engineering, communication. SUBSTANCE: the device consists of a message source, a scrambler, a decoder, the first, second, third and fourth frequency synthesizers, the first to eighth slave keys, the first, second, third and fourth adders, the first, second, third and fourth pseudo-random sequence generators, a shift register, and an AND circuit. EFFECT: increased noise immunity of signals with four-position manipulation under the limited frequency resource of the radio link. 1 dwg

Method of information steganographic transmission // 2631044
FIELD: radio engineering, communication. SUBSTANCE: a method is proposed in which the data is hidden in a container, the role of which is played by the information transfer channel. The main channel data and the hidden channel data are fed to noise-proof encoders; predictors are applied to the digital data of the main channel, which are hidden channel data and depend on the values of the embedded data, the current signal-to-noise ratio, the masking function and the time. On the receiver side, the corrected main channel data from the output of the noise-proof decoder is re-encoded with a noise-proof coder similar to that of the transmitting side and supplied to the hidden channel recovery unit, which is also fed with data from the demodulator output that has passed through the delay line; the reconstructed hidden channel data passes through the noise-immune decoder of the hidden channel, and the corrected data is sent to the receiver of the hidden channel. This allows, having the data streams from the noise-proof encoder on the receiving side and from the delay line, and also knowing the parameters of the hidden channel distribution function, to essentially restore the transmitted steganographic data. EFFECT: providing secret information transfer with variable speed and specified reliability. 1 dwg

Systems and methods for cryptographic security as service // 2630751
FIELD: physics. SUBSTANCE: the method for providing a remote cryptographic service for a client application, when calling a service of the service system in the provider's computer service system, comprises: storing identification data for a variety of client applications; creating, by a key control service module associated with the provider's computer service system, an encryption key, where the encryption key is associated with at least one client application from the variety of client applications and is used by the cryptographic service provider to encrypt application data; providing the API (application programming interface) of the cryptographic service provider to the variety of client applications, where the cryptographic service provider API is adapted i) to deliver encryption requests and decryption requests to the cryptographic service provider and ii) to deliver encrypted data and decrypted data to multiple client applications; receiving an encryption request through the cryptographic service provider API from at least one client application, where the encryption request includes data for the end user of the at least one client application and at least one encryption parameter specified by the at least one client application for use when encrypting the data, and the at least one encryption parameter identifies the encryption type and the encryption depth; encrypting the data using the generated encryption key, the encryption type specified by the at least one client application, and the encryption depth specified by the at least one client application; transferring the encrypted data via the cryptographic service provider API to the at least one client application without transmitting the encryption key to the at least one client application; receiving from the at least one client application a decryption request containing at least part of the parameters and the encrypted data, where the part of the parameters specifies the encryption type associated with the encrypted data and the encryption depth associated with the encrypted data; determining the identity of the at least one client application sending the received message on the basis of the identification data and the part of the parameters; decrypting the encrypted data based on the generated encryption key, the encryption type and the encryption depth; and transferring the decrypted data back to the at least one application. EFFECT: effective data protection. 20 cl, 9 dwg

Method of safety data transmission and communication system for its implementation // 2630585
FIELD: radio engineering, communication. SUBSTANCE: a method of secure data transmission between at least one unit executed as a server and several units, each of which is executed as a client. The server can communicate via the central dialog interface only with the client that functions as the main client, and all units executed as clients are connected to each other through a data bus. The main client, in response to the server's request for access, generates an initialization value and sends it to the server; the server, on the basis of the initialization value, calculates the first key using the calculation rules and sends it to the main client; the main client compares the first key computed by the server with the second key it has determined by means of the mentioned calculation rules, and if the first key and the second key coincide, the main client initiates access setup to at least one of the remaining clients. EFFECT: secure data transmission. 10 cl, 3 dwg

Method for converting low-entropy messages // 2630429
FIELD: information technology. SUBSTANCE: the method for converting low-entropy messages consists in the following: beforehand, a numerical code is randomly assigned to each alphabet symbol, and the input message is formed from the corresponding set of alphabet symbols; as the numerical codes, the coordinates of points on a circle are used, selected in such a way that the distances from any point on a line intersecting the circle, with the exception of the point coinciding with the center of the circle, to the said points on the circle are all different; before the conversion of the input message begins, an origin point is randomly selected on the line intersecting the circle; then, using the coordinates of the origin point and the numerical code of each character of the input message, the length of the segment between them is calculated, which is the result of converting that input message symbol. To determine the coordinates of the origin point for each subsequent message, the coordinates of the origin point of the previous message are changed using the conversion result of the previous message. EFFECT: simplifying the conversion algorithm and increasing the resistance to unauthorized data recovery. 3 dwg

Method of cryptographic transformation of information // 2630423
FIELD: information technology. SUBSTANCE: the method of cryptographic transformation of input information into output information is performed over S sequentially executed rounds using cryptographic converters and corresponding round keys in each round, the cryptographic transformation of the information being performed on N parallel-running converters with different round keys for each converter, which are changed every R rounds (0<R<=S). The intermediate data obtained in each round at the outputs of each of the N parallel-running cryptographic converters is divided into N parts of arbitrary size, which are used as input data for the subsequent round of cryptographic transformations in the N parallel-running cryptographic converters; the parts of the output intermediate data in each round at the outputs of each of the N parallel-running cryptographic converters are fed into all N parallel cryptographic converters. EFFECT: increasing the cryptographic strength of the information obtained as a result of the transformation. 1 dwg

Transfer of call service between cellular communication system nodes supporting various security context // 2630175
FIELD: radio engineering, communication. SUBSTANCE: a method of controlling a first node to generate a security context for a client in a cellular communication system. The first node contains processing circuitry. The method includes the first node performing, during a handover in the cellular communication system: receiving at least one cryptographic key from a second node; receiving from a third node the identification information of the security algorithms supported by the client; and using the said at least one cryptographic key and the identification information to generate a security context for the client. The first node is a target packet switching node, the third node is a packet switching node, and the second node is a source switching node. EFFECT: ensuring effective communication. 20 cl, 8 dwg

Method and device to transmit the messages // 2630172
FIELD: radio engineering, communication. SUBSTANCE: a method of transmitting a message through an information processing device, such as a chip card, using at least one hidden physical communication channel in the form of a detectable and controlled change of a hardware characteristic of the mentioned device, contains the following stages: transmitting a preamble consisting of a sequence of alternating characters encoding the binary values '0' and '1', followed by a delimiter character; transmitting the significant part, forming the contents of the mentioned message and consisting of a sequence of the characters '0' and '1', optionally separated by the delimiter character '2'. The method also includes a preliminary stage of assigning a sequence start mark in the form of a character other than the characters used to encode the message, and/or a preliminary stage of assigning a sequence end mark in the form of a character other than the characters used to encode the message. EFFECT: increase of the data transmission rate. 7 cl, 4 dwg

Method of controlling file access // 2630163
FIELD: information technology. SUBSTANCE: the method of controlling file access consists in the preliminary formation (at the stage of the user gaining access to the operating system, after identification) of lists of files on which the user is allowed to perform various actions. A separate list is formed for each action; after the user logs on, these lists are placed in kernel memory, in an area inaccessible to unauthorized access. EFFECT: reducing the time taken to check access rights to files and, accordingly, increasing the speed of the information and computing system as a whole. 1 dwg
Method of guaranteed depersonalization of electronic documents // 2629445
FIELD: information technology. SUBSTANCE: method of guaranteed depersonalization of a user's electronic documents, in which: a key pair is created; several examples of the user's biometric image are read; the monitored biometric parameters are extracted from each biometric image; an artificial neural network is trained on these parameters so that it can subsequently convert the biometric parameters into the user's private key; thereafter the examples of the user's biometric image are destroyed, the parameters of the trained artificial neural network are saved in a database or in a depersonalized electronic document, the user's digital photograph is obtained, a derivative of the private key is formed, the user's private key is destroyed, the user's digital photograph is encrypted under the derivative of the personal key, and the encrypted digital photograph is placed in the database or in the depersonalized electronic document. During anonymous validation, the person being checked provides his or her biometric image, the image is transformed by the artificial neural network into the user's private key, the derivative of the private key is obtained and the digital photograph is decrypted under the derived key; the decrypted photograph is presented to the inspector, automatic biometric authentication against the personal key is carried out and the result is reported to the inspector; in addition, the inspector visually compares the face of the person being checked with the decrypted photograph. If the inspector decides that the facial features of the person being checked fully match those on the decrypted photograph, the decrypted digital photograph is destroyed; if the inspector decides that they do not match, the person's face is re-photographed and stored together with the previously decrypted photograph. Before storage, the pair of photographs is encrypted under the inspector's public key and the public key of the person who will later carry out the incident analysis; after the two encrypted photographs are stored, the original pair of photographs is destroyed. EFFECT: effective personal data protection. 2 cl

System and method for protected transmission of audio-data from microphone to processes // 2628925
FIELD: physics. SUBSTANCE: the system for protected transmission of audio data from a microphone to processes comprises a computing device containing: at least one processor; input and output means interacting with the at least one processor; and storage means holding an operating system, a plurality of instructions executable on the at least one processor, and a protected audio data transmission subsystem. The operating system includes an audio subsystem comprising: an audio stream management facility, whose API functions are called by processes to create and manage audio streams associated with the audio stream mixing and processing facility; and audio mixing and processing means for processing audio streams using Audio Processing Objects (APOs) and for routing audio streams between processes and the end device, which is a microphone; audio data are transmitted from the said microphone to processes through separate buffers, into which the said audio mixing and processing means writes audio data and from which processes read the said audio data by calling API functions.
The protected audio data transmission subsystem comprises: RPC-traffic filtering means for monitoring RPC traffic between the audio stream management facility and the audio mixing and processing means, in order to detect RPC requests for creating audio streams associated with the microphone end device and to determine the identifiers of the processes for which audio streams are to be created and whose audio streams are to be cryptographically protected; and audio cryptographic protection means for encrypting audio data within the audio mixing and processing means by way of Audio Processing Objects (APOs), which also installs interceptors on the API function calls by which processes read audio data from the separate buffers used by the mixing and processing means to transfer audio data from the microphone end device. The interceptors are installed for the processes whose identifiers were determined by the RPC-traffic filtering means, and they decrypt the audio data and pass the decrypted audio data to those processes. EFFECT: protecting audio data transmitted from the microphone to processes from interception. 14 cl, 7 dwg

Broadband receiving device // 2628328
FIELD: radio engineering, communication. SUBSTANCE: the device comprises a coder, first and second phase shifters, first and second high-frequency switches, a NOT element, an adder, a mixer, a synthesizer, a controlled key, a pseudo-random sequence generator, a key generator, a receiving part of a mixer, a demodulator, first and second phase detectors, first and second keys, a NOT element, an OR element, a decoder, a speed change command decoder, a channel quality analyzer, a receipt decoder, a message formation unit, a memory unit, a delay line, a synchronization unit, a pseudo-random sequence generator, a key generator, a controlled key, a frequency synthesizer, and a power control unit comprising a counter, a decoder, an attenuator and a power amplifier. By means of the power control unit, the power parameters of the generated signal change when the programmed tuning rate changes. EFFECT: increasing the noise immunity of radio communication to deliberate response interference by changing the frequency tuning rate and controlling the radio transmitter power depending on the interference situation. 2 dwg

Transmitting device, transmitting method, receiver, receiving method, program, flow transmission and receiving system, and electronic device // 2628187
FIELD: radio engineering, communication. SUBSTANCE: the transmitting device comprises a flow input module configured to input a plurality of flows, each consisting of contiguous packets. The flow synthesis module is configured to combine the plurality of input flows into one flow, and the flow transmitting unit is configured to transmit that single flow. The flow synthesis module encodes at least a typical structural portion of each packet of the plurality of flows using keys internal to the respective flows, so that the packets of each flow can be separated on the receiving side, and then time-division multiplexes the packets of the plurality of flows to produce a single flow. EFFECT: reliable reception of the plurality of original flows when they are combined and transmitted as one flow. 18 cl, 15 dwg
Method of granting access to distributed data and computational resources such as corporate portals via a protected virtual environment // 2626664
FIELD: information technology. SUBSTANCE: the method includes identification of a portal network user by an active session and authentication of unidentified users by one of the access nodes of the protected virtual environment, based on the presence of user session attributes represented by the user session ID and authentication factors signed by the central node or the backup central node. User authentication data is stored only in the LDAP server of the central node and the LDAP server of the backup central node of the protected virtual environment. A request for access to a data and computational resource is processed by one of the access nodes of the protected virtual environment, which authenticates the user's session with the central node. On successful authentication of the client PC user session, the central node responds to the request by sending the user session attributes to the access node, which first saves them in the access node's LDAP server. The access node then checks the user's access privileges for the requested data of the data and computational resource and, on successful verification, grants access. When the user requests another data and computational resource, the user session is authenticated by checking the session attributes stored in the access node's LDAP server. EFFECT: increased reliability and protection of data from unauthorized access. 5 dwg

Method and equipment for device control // 2626659
FIELD: information technology. SUBSTANCE: method for controlling a smart device, used in a smart module located in the smart device, comprising: broadcasting the identification information of the smart module, so that a terminal receives the said identification information and transmits the identification information and a user account to a server, whereupon the server associates the identification information with the user account, generates signature data, transmits the signature data to the terminal and transmits the user account to the smart module; receiving the user account sent by the server; and receiving control data transmitted by the terminal. The control data contains a control instruction and signature data, where the signature data was transmitted by the server to the terminal and was obtained by the server through a calculation, according to a predetermined algorithm, using the smart module key and the user account corresponding to the terminal; the signature data is then validated. Validation of the signature data includes: reading the user account previously stored in the smart module and reading the key previously written into the smart module by the server; performing the calculation using the user account and the key according to the predetermined algorithm to obtain verification data; checking whether the verification data is identical to the signature data; and, when the verification data is identical to the signature data, determining that the signature data has been validated. If validation passes, the smart device performs the operation corresponding to the control instruction. EFFECT: improved control security for remote access to smart devices. 3 cl, 11 dwg

Method and system using a cyber identifier for ensuring protected transactions // 2625949
FIELD: information technology. SUBSTANCE: the method and system for ensuring the protection of user transactions include a subscriber device ("SU"), an account information administrator ("CIM") and a service provider ("TSP"). The cyber-identifier ("CyberID"), the subscriber identifier ("SubscriberID") and the subscriber information are stored in the CIM memory. A transaction request is sent from the SU to the TSP, which generates a transaction ID ("TID"), stores the TID in its memory and transmits the TID to the SU; the SU transmits an authentication request together with the TID and the SubscriberID to the CIM, where the received SubscriberID is authenticated and a verification request, together with the TID received from the SU, is transmitted to the TSP, which verifies the received TID and reports the verification result to the CIM. The CIM then transmits the CyberID and the subscriber information to the TSP and transfers the transaction authorization to the SU. EFFECT: increasing the security of online transactions by additional confirmation of the authority of both parties to the transaction. 67 cl, 12 dwg

System of radiofrequency identification for military objects // 2624556
FIELD: radio engineering, communication. SUBSTANCE: the radiofrequency identification system for military installations includes a reader 3, a sensor 6 and a central information processing device 30. The distinguishing feature of the claimed invention is that the central information processing device 30 comprises an asynchronous detector 27, a low-pass filter 28, a registration unit 29, a unipolar valve 31, a storage device 32, a threshold unit 33 and a delay line 34. EFFECT: increasing interference immunity and reliability of radiofrequency identification of military installations by eliminating additional receiving channels and the phenomenon of reverse operation. 5 dwg

Method for converting data with equiprobable initialization // 2623894
FIELD: physics. SUBSTANCE: method for converting data with equiprobable initialization based on probabilistic encryption, which consists in forming a pseudo-random sequence, to which the block of the original message is appended to form an extended message block, and then performing its cryptographic transformation, the result of which is transmitted over the communication line to the subscriber. The reverse cryptographic transformation is then performed to obtain the extended message block, from which the pseudo-random sequence is removed to obtain the block of the original message. Before the cryptographic transformation the bits are mixed by changing their positions, and after the reverse cryptographic transformation the bit positions in the extended message block are restored. EFFECT: increasing the security level of the cryptosystem by reducing the a priori knowledge of the attacker when probabilistic encryption is used. 2 dwg

Mobile communication node // 2623893
FIELD: radio engineering, communication. SUBSTANCE: the mobile communication node contains a technological automated workstation, a switch of lines and group paths, an Ethernet card, a server and an IP telephone system. It includes a VSAT earth station, a line board, an IP PBX, an unmanaged Ethernet switch, a subscriber panel, a crypto-gateway, a mobile radio controller, a base station multiplexer, n base radio access stations with antennas [n = 1, 2, 3…14], m radio terminals with a subscriber encryption unit [m = 10, 11, 12…60], an operator workstation, a crypto router, a managed Ethernet switch, a media converter, an xDSL modem, a radio router with antenna, a subscriber input board, an input board, a remote subscriber station, three sets of user equipment, a fiber-optic communication line, a cable communication line and a radio interface. EFFECT: providing guaranteed cryptographic protection of information transmitted to subscribers and increasing the opportunities for reconfiguring and expanding an established autonomous network that provides multiservice services to subscribers. 5 cl, 5 dwg

Attribute-based digital signatures // 2623724
FIELD: information technology. SUBSTANCE: the attribute-based digital signature system comprises: a first signature-forming module (1) to form a first signature (10) for a document (11) based on a first signing key (12) and the document (11); and a re-signing module (2) arranged to form a second signature (13) for the document (11) based on the first signature (10) and a re-signing key (14), wherein the re-signing module (2) is arranged to process attributes (15, 16) linked to the first signature (10) and/or the second signature (13), wherein the second signature (13) is linked to a second set of attributes (16) determined by the re-signing key (14), and wherein the second set of attributes (16) comprises a plurality of attributes; and a re-signing key generator (3) to form the re-signing key (14) based on a second signing key (18) linked to the second set of attributes (16'), wherein the re-signing key (14) allows the re-signing module (2) to convert the first signature (10) into the second signature (13) linked to the second set of attributes (16), and wherein the second signing key (18) allows a second signature-forming module (4) to form a signature (19) linked to the second set of attributes (16") based on the document (11). The re-signing key generator (3) is further arranged to form the first signing key (12) based on the second signing key (18), wherein the second signing key (12) and the re-signing key (14) are formed as a key pair, the first signing key (12) is provided to the first signature-forming module (1), and the re-signing key (14) is provided to the re-signing module (2). EFFECT: improved data security through the use of a digital signature for a document, with the possibility of changing it. 9 cl, 3 dwg

Device of quantum cryptography (versions) // 2622985
FIELD: physics. SUBSTANCE: the quantum cryptography device includes a radiation source, a first fiber beam splitter, a fiber interferometer, a second fiber beam splitter, a first phase modulator, a third fiber beam splitter, a detector, an attenuator, a delay line, a polarization filter, a second phase modulator, a fiber mirror and a single-photon detector. The elements listed above are interconnected by polarization-maintaining optical fiber. EFFECT: increasing the operating stability of the quantum cryptography device by preserving the polarization state along the entire optical path. 26 cl, 7 dwg

Quantum key distribution network // 2621605
FIELD: physics. SUBSTANCE: a quantum key distribution network that includes at least two local area networks with quantum key distribution, joined by a fiber-optic communication channel. Each of the aforementioned local area networks contains at least one server and at least one client part. The server includes at least one transmitting server part and at least one supporting client part, logically associated with the transmitting part of the node. EFFECT: creating a network that can be reconfigured and that has greater survivability in the event of the loss of a single node. 4 cl, 4 dwg, 3 tbl

Key sharing device and system for its configuration // 2621182
FIELD: radio engineering, communication. SUBSTANCE: system for configuring a network device for key sharing, containing: key material obtaining means for obtaining, in electronic form, a private modulus (122, p1), a public modulus (110, N) and a symmetric bivariate polynomial (124, f1) with integer coefficients, wherein the binary representation of the public modulus and the binary representation of the private modulus agree in at least key length (b) consecutive bits; and a generator (200) for generating local key material for the network device, containing: network device control means (250) for obtaining, in electronic form, an identification number (A) for the network device, for electronically storing the generated local key material in the network device and for storing the public modulus in the network device; and a polynomial manipulation device (240) for determining a univariate polynomial from the bivariate polynomial by substituting the identification number into the bivariate polynomial and reducing the result of the substitution modulo the private modulus. EFFECT: providing security between two network devices by key sharing. 14 cl, 6 dwg

Method of secured transmission of encrypted information over communication channels // 2620730
FIELD: radio engineering, communication. SUBSTANCE: the method of secured transmission of encrypted information over communication channels provides cryptographic protection and error-correcting coding, in particular by using k encoders to apply the encryption procedure to the message M, by interpreting the resulting cryptogram blocks C1, C2, …, Ck as the least non-negative residues modulo pairwise coprime moduli mi (i = 1, 2, …, k), which form the information superblock of a modular code, and by expanding the sequence of cryptogram blocks C1, C2, …, Ck with redundant cryptogram blocks Ck+1, Ck+2, …, Ck+r, so that the set of cryptogram blocks C1, …, Ck, Ck+1, …, Ck+r forms a codeword of a modular error-correcting code. EFFECT: ensured robustness of the protected information against various kinds of exposure. 2 dwg
Data encryption system and methods // 2619895
FIELD: information technology. SUBSTANCE: the data encryption method comprises the steps of: implementing, in the memory of at least one computing device, a key distributor configured to create and distribute at least one encryption key used for data encryption; implementing, in the memory of at least one computing device, at least one key file bound to at least one registered user and having a key field containing a pseudo-random byte string and a unique hash value used to bind the key file to the at least one user; forming a set of base symbols randomly selected from the key field, wherein the set of base symbols is a subset of the key field; generating an encryption key by feeding the base symbols into the encryption algorithm; receiving the data to be encrypted; and encrypting the data using the encryption key. EFFECT: efficient data encryption. 18 cl, 10 dwg

Method of steganographic embedding of additional information into samples of digital sound signals // 2618379
FIELD: electricity. SUBSTANCE: in this method, encrypted concealed information in binary form is embedded bit by bit into the samples by replacing a sample bit with a bit of the concealed additional information; only samples with a large absolute digital code value are used; embedding is performed not only in the least significant bits of the samples but also in the most significant bits used for embedding the additional information into the sound channels; the number of sample bits used, the interval between the samples used for embedding, and the order in which the additional information bits are embedded into the samples are selected according to a secret pseudo-random key and the psychophysical characteristics of human hearing. EFFECT: increasing the cryptographic strength of the embedded additional information. 8 dwg, 1 tbl

Method of producing an analogue-digital signature in a trusted environment and device therefor // 2616888
FIELD: physics, computer engineering. SUBSTANCE: the invention relates to information security. Disclosed is a method comprising: obtaining from a computer the digital text of an electronic document and a clip of the user's handwritten signature input with a stylus, and transmitting them to a microcontroller, where the microcontroller vocalises the text and outputs a synthesised audio signal to a speaker; obtaining from inertial sensors data on the movement of the stylus while the user's handwritten signature is being input and transmitting them to the microcontroller, where the microcontroller compares the clip of the handwritten signature input with the stylus against the data on the movement of the stylus during input and determines whether the data from the inertial sensors matches the digital clip of the signature. If the comparison result is positive and vocalisation of the text has completed, the trusted environment is considered established and the microcontroller performs the cryptographic operation of applying a digital signature to the digital clip of the handwritten signature and the digital electronic document using the secret digital-signature key; the result is returned to the computer in the form of a digital signature. EFFECT: the invention improves reliability when signing a document with an analogue-digital signature. 6 cl, 2 dwg
Method of secure information transmission with code division in video data // 2616869
FIELD: physics, communication. SUBSTANCE: the invention is intended for secure information exchange within a video data structure between two or more subscribers. To this end, the embedded data is preprocessed, including modulation by mutually orthogonal Franc-Krestensen signals that provide code division for different subscriber pairs; the container image is compressed according to the JPEG standard (MPEG-2 for moving images), and the resulting quantized discrete cosine transform (DCT) coefficients are represented in binary form; the data of the hidden transmitted messages is embedded by replacing a pair of bits of the DCT coefficients of the container image; and the hidden messages are retrieved by a correlation processing method. EFFECT: the invention enhances the efficiency of the video transmission system and increases the number of subscribers able to exchange secure information. 2 dwg

System and method for encryption during webpage transmitting to the user application // 2614928
FIELD: information technology. SUBSTANCE: method for encryption during transmission of a webpage to a user application, in which: using a proxy server, the webpage of a site located on a remote server is received; using the proxy server, the webpage is passed to an encryption tool; using the encryption tool, the elements contained in the webpage are identified, the elements being at least: a text box, a "button" field, a data input field, a file reference and a hyperlink; using the encryption tool, the program code of at least one identified webpage element is encrypted; using a JavaScript module, a JavaScript script is created containing the encrypted program code of the webpage elements received from the encryption tool; using the JavaScript module, the webpage is modified by adding the created JavaScript script and removing the code of the webpage elements that was encrypted; using the proxy server, the modified webpage is transmitted to the user application. EFFECT: increased protection of the information contained on the webpage by encrypting that information during transmission of the webpage to the user application. 8 cl, 5 dwg

Protection when providing mobility between MBMS servers // 2614369
FIELD: information technology. SUBSTANCE: in the method, the user terminal device triggers a new streaming server to generate a new set of user-specific security keys. The said triggering includes: starting the bootstrapping process of the generic bootstrapping architecture for the said new streaming server; receiving in the user terminal device, from the said new streaming server, a new security key specific to the new streaming server; generating in the user terminal device the said user-specific security keys for the said new streaming server; and using, in the user terminal device, the new user-specific security keys generated in the user terminal device with the new streaming server for a previously established streaming service. EFFECT: ensuring generation of new security keys. 45 cl, 6 dwg

Method for forming key of encryption/decryption // 2613845
FIELD: physics. SUBSTANCE: the method for forming the encryption/decryption key provides for simultaneously forming a source sequence on the side of the first correspondent of the communication network and preliminary sequences on the sides of the second and third correspondents; encoding the first preliminary sequence, extracting a block of check symbols from it and simultaneously transmitting it over error-free communication channels to the first and third correspondents; simultaneously forming the decoded sequences of the first and third correspondents; forming the sequence hashing function by the first correspondent and simultaneously transmitting it over direct error-free communication channels to the second and third correspondents; and simultaneously forming the encryption/decryption keys at all correspondents by hashing the first preliminary and the decoded sequences according to the sequence hashing function formed on the side of the first correspondent. EFFECT: increasing the resistance of the generated encryption/decryption key to compromise by an offender, for a communication network including three correspondents. 11 cl, 44 dwg

Remote personal identification system for electronic signature generation // 2613033
FIELD: electronics. SUBSTANCE: the invention relates to client electronic signature generation techniques. Disclosed is a system for remote identification of a natural person for generating a remote electronic signature. The system contains, connected by means of the Internet telecommunication network: a processing center; a client terminal for instant messaging between the certification center and the client; at least one operator automated workstation; and at least one remote client request terminal with a service request interface, equipped with visual and audio information exchange devices. The processing center comprises an identification module and a verification module. The remote terminal is equipped with a unit for recording the electronic signature certificate onto a physical medium and an electronic signature issuing unit. The processing center server contains an electronic signature generating unit. EFFECT: the technical result is enabling simultaneous identification, verification and issuance of the digital electronic signature key to the client during remote identification. 5 cl, 1 dwg