Key distribution (H04L9/08)

Device of quantum cryptography (versions) // 2622985
FIELD: physics. SUBSTANCE: quantum cryptography device includes a radiation source, a first fiber beam splitter, a fiber interferometer, a second fiber beam splitter, a first phase modulator, a third fiber beam splitter, a detector, an attenuator, a delay line, a polarization filter, a second phase modulator, a fiber mirror and a single photon detector. The elements listed above are interconnected by means of an optical fiber that preserves the polarization state. EFFECT: increased operating stability of the quantum cryptography device owing to conservation of the polarization state along the entire optical path. 26 cl, 7 dwg
Quantum key distribution network // 2621605
FIELD: physics. SUBSTANCE: quantum key distribution network that includes at least two local area networks with quantum key distribution, united by a fiber-optic communication channel. Each of the aforementioned local area networks contains at least one server and at least one client part. The server includes at least one passing server part and at least one supporting client part, logically associated with the transmitting part of the node. EFFECT: creating a network with a possibility of reconfiguration, as well as possessing greater survivability in the event of a single node loss. 4 cl, 4 dwg, 3 tbl

Key joint usage device and the system for its configuration // 2621182
FIELD: radio engineering, communication. SUBSTANCE: system for configuring a network device for key joint usage, containing: means for obtaining key material, for obtaining in electronic form a personal module (122, p1), an open module (110, N) and a symmetric polynomial (124, f1) in two variables having integer coefficients, wherein the binary representation of the open module and the binary representation of the personal module are identical in at least a number of consecutive bits equal to the key length (b); a generator (200) for generating local key material for the network device, containing: network device control means (250) for obtaining an identification number (A) in electronic form for the network device, for electronically storing the generated local key material in the network device and for storing the open module in the network device, and a polynomial manipulation device (240) for determining a polynomial in one variable from the polynomial in two variables by substituting the identification number into the polynomial in two variables and reducing the substitution result according to the personal module. EFFECT: security provision between two network devices by key joint usage. 14 cl, 6 dwg
Data encryption system and methods // 2619895
FIELD: information technology. SUBSTANCE: data encryption method comprises the steps of: implementing in a memory of at least one computing device a key distributor configured to create and distribute at least one encryption key used for data encryption; implementing in the memory of at least one computing device at least one key file bound to at least one registered user and having a key field containing a pseudo-random byte string and a unique hash function value used for binding the key file to at least one user; forming a set of basic symbols randomly selected from the key field, wherein the set of basic symbols is a subset of the key field; generating an encryption key by entering the basic symbols into the encryption algorithm; receiving data to be encrypted; and encrypting the data using the encryption key. EFFECT: efficient data encryption. 18 cl, 10 dwg

Protection under provision of mobility between mbms servers // 2614369
FIELD: information technology. SUBSTANCE: in the method, the user terminating device activates a new streaming server to generate a new set of security keys set individually for the user. Said activation includes starting the boot process of the overall boot architecture for said new streaming server; reception in the user terminating device, from said new streaming server, of a new security key set individually for the new streaming server; generation in the user terminating device of individually set user security keys for said new streaming server; and use by the new user terminating device of the new individually set user security keys, generated in the user terminating device, with the new streaming server for a previously installed streaming service. EFFECT: ensuring generation of new security keys. 45 cl, 6 dwg

Method for generating pseudorandom sequence, and method for coding or decoding data stream // 2609098
FIELD: information technology. SUBSTANCE: invention relates to encoding and decoding a data stream. A message encoder is suitable for implementing a method for encoding a data stream to transmit said data by means of an encoded stream, in which the coding is the result of comparing the data stream with a second data stream, formed by a pseudorandom sequence, by means of an exclusive OR (XOR) operation, wherein generation of the pseudorandom sequence is performed by a method for generating a pseudorandom sequence comprising the following steps: a) providing a differential equation with initial value, x'=f(x, t); b) providing the initial value for the differential equation, x0=x(t0); c) providing an integration step δt for the differential equation for time discretisation tk=t0+k·δt, k=1, 2, 3, …; d) performing numerical integration of the initial value differential equation with step δt to obtain an approximation to the solution xk=x(tk); e) generating a first sequence of values by sampling the values xk, presented in floating-point numerical form as 0.d0d1d2d3d4...dr...dw·10^e, where e is the exponent, w is the length of the mantissa, d0 is the most significant digit of the mantissa and dr is a certain digit such that it and all digits to its left in the approximation to the solution xk coincide with the exact value of the solution of the differential equation; f) generating the pseudorandom sequence with digits di...dr from a selection of the sequence of values xk, wherein i is a predetermined integer value satisfying 0<i≤r; g) expanding the pseudorandom sequence into a sequence with a larger number of elements in accordance with the following steps: predetermining a positive integer value DIM, constructing two integer vectors V1 and V2 of dimension DIM from the pseudorandom sequence, constructing an expansion matrix Me of dimension DIM×DIM from the product V1·V2^T, where V2^T is the transposed vector V2, and generating the expanded sequence by concatenating the rows of matrix Me. EFFECT: technical result is effective protection of the data stream. 15 cl, 4 dwg, 1 tbl

Secure access to personal health records in emergency situations // 2602790
FIELD: data protection. SUBSTANCE: invention relates to protection of data. The system includes a server system, a user terminal and a hardware token to ensure secure access to recorded data. The server system comprises storage means (1) for storing a plurality of data records, a data record (2) having associated therewith a sequence of secrets (14) shared with a hardware token (60) corresponding to the data record (2), wherein the server system (100) is further arranged for storing user authentication information (3). User authenticating means (10) are provided for receiving authentication credentials (11) for user authentication from a user terminal (200) and authenticating the user as an authorized user based on the authentication credentials (11) of the user and the stored authentication information (3). Secret-receiving means (9) are provided for receiving, from the terminal, a representation of a secret (13) revealed by the hardware token (60) and information identifying the data record corresponding to the hardware token. Marking means (12) are disclosed for marking an unused secret (s3) as used. EFFECT: providing secure access to recorded data. 12 cl, 4 dwg

Management of group secrets by group members // 2596597
FIELD: information technology. SUBSTANCE: invention relates to encryption. A method of adding a new device to a device group, the device group including a plurality of devices, wherein each device in the device group possesses a device group key and the device keys of all other devices in the device group for encryption of messages, except its own device key, wherein the method includes: establishing a secure connection between the new device and a first device in the device group; sending, by the first device, the device group key and the device keys of all other devices in the device group to the new device; distributing, by one of the other devices, the device key of the first device in the device group to the new device; and generating and distributing, by one of the devices in the device group, a device key of the new device to all other devices in the device group. EFFECT: technical result is effective protection of the connection of a group of devices owing to use of a special group key known to all group devices. 19 cl, 7 dwg, 7 tbl

Method for arithmetic encoding with encryption // 2595953
FIELD: cryptography. SUBSTANCE: invention relates to telecommunication and information technology, specifically, to equipment for cryptographic protection of redundant binary information during data exchange over public transmission channels. Method for arithmetic encoding with encryption includes steps of: at transmitting side from sender receiving next part of binary information sequence, calculating values of first and second coding frequency counters in accordance with previously generated key and binary information sequence, setting value of first and second coding registers in accordance with values of first and second coding frequency counters, calculating arithmetic coding of next part of binary information sequence, specifying value of first and second coding registers, encrypting next part of encoded sequence taking into account previous values of first and second coding registers; at receiving side receiving next part of encrypted sequence, decoding same taking into account previous values of first and second coding registers, calculating values of first and second decoding frequency counters in accordance with key and received binary information sequence, setting values of first and second decoding registers in accordance with values of first and second decoding frequency counters, performing arithmetic decoding of next sequence which is transmitted to recipient. Invention can be used to provide confidentiality of compressed redundant binary information, transmitted in modern information-telecommunication systems. EFFECT: efficient arithmetic coding with encryption of redundant binary information sequence with increase of degree of redundancy of encrypted information. 3 cl, 12 dwg

Methods and devices for domain service // 2587419
FIELD: information technology. SUBSTANCE: invention relates to domain management. Domains comprise a plurality of member devices, and method comprises the steps of: storing (S500, S501), by a first domain manager (M1), domain management information (P1, P2, P3, P4 and P5) in said plurality of member devices; and obtaining (S510, S511), by a second domain manager (M2), said domain management information from at least one of said plurality of member devices. EFFECT: reduced operating load at domain management centre. 6 cl, 6 dwg

Management of synchronized symmetric key to protect data exchanged between communication nodes // 2584504
FIELD: data protection. SUBSTANCE: invention relates to the protection of data exchanged between communication nodes. The method of using security keys for protection and deprotection of data exchanged between communication nodes comprises: protection, by a first communication node, of data to be sent to one or more second communication nodes based on a predetermined security key; deprotection, by each of the second communication nodes, of protected data received from the first communication node on the basis of said predetermined security key; synchronization, by each communication node, of a respective binding of an internal time reference to universal time so as to obtain a respective binding to synchronous time; and extraction, by each communication node, of the predetermined protection key, based on the respective binding to synchronous time, from the same ordered sequence of security keys, each of which must be used in a respective time interval of confidence. EFFECT: technical result is the protection of data exchanged between the communication nodes. 14 cl, 8 dwg

External authentication support via unsecured network // 2575682
FIELD: physics, computer engineering. SUBSTANCE: invention relates to computer engineering. A method of supporting external authentication via an unsecured network, which includes generating a first authentication request for authenticating user equipment in a communication network which provides connectivity for the user equipment via an unsecured access network, wherein the authentication request is an authentication request of a key information exchange mechanism and contains authentication data; sending the first authentication request for authenticating the user equipment in the communication network based on the authentication data; generating, after authentication in the communication network, a second authentication request for authenticating the user equipment in a packet data network external to the communication network, and sending the second authentication request; wherein the first authentication request precedes a message sent between the user equipment and the communication network, indicating that serial multiple authentication is supported. EFFECT: enabling transfer of user account data between user equipment, using unsecured access, and a backbone network. 22 cl, 4 dwg

Communication system, communication device, communication method and computer programme // 2574356
FIELD: radio engineering, communication. SUBSTANCE: invention relates to data transmission. Content usage device periodically transmits an exchangeable key and a corresponding key identifier using a command. A content providing device stores an exchangeable key only after receiving an identifier of said key with a given receiving cycle. If such periodic reception of the key identifier does not occur, the content providing device deletes the corresponding exchangeable key. Further, upon receiving a command containing the identifier of the deleted key, the content providing device returns a response containing information indicating that the exchangeable key has become invalid. EFFECT: enabling transmission of the same content with multiple devices. 10 cl, 11 dwg, 2 tbl

Method of generating private keys using time-entangled photon pairs // 2566335
FIELD: physics. SUBSTANCE: invention relates to quantum cryptography and more specifically to methods of generating private keys using time-entangled photon pairs. The method of generating private keys using time-entangled photon pairs includes allocating, between two private key transmission participants, photons from time-entangled photon pairs, converting said photons with interferometers of the participants, detection thereof with single-photon detectors and processing the measurement results with a computer, which includes communication between participants over a public link. Further, the method includes establishing a time interval coordinated between the participants, dividing the time interval into M equal subintervals and determining subintervals during which single-photon detectors of the participants are triggered, after which the number of said subintervals is used as key elements. EFFECT: faster allocation of private keys between communication participants and longer range of transmitting private keys. 2 cl, 1 dwg

Apparatus and method for signalling enhanced security context for session encryption and integrity keys // 2555227
FIELD: physics, computer engineering. SUBSTANCE: invention relates to security context signalling. A method for establishing a first security context between a remote station and a serving network, the first security context having a security property that is not supported by a second security context, the method comprising: the remote station forwarding a first message to the serving network, wherein the first message includes an information element; the remote station generating an integrity session key and an encryption session key in accordance with the first security context; the remote station receiving a second message having a message authentication code indicating that the serving network supports the first security context; the remote station verifying the message authentication code using the integrity session key; and the remote station, in response to successful verification of the message authentication code, performing wireless communication protected by the encryption session key. EFFECT: providing signalling on support of an improved security context. 31 cl, 8 dwg

Method of protecting multimedia content and service // 2544759
FIELD: physics, computer engineering. SUBSTANCE: invention relates to multimedia content protection. A method of protecting content (6) scrambled using a content key CW transmitted encrypted by a content access key K, characterised in that said content is transmitted by a transmission system to at least one receiving terminal (4) using a service provided locally in said receiving terminal using a set of properties Pi, i ranging from 1 to n, known to the transmission system, where each of said properties Pi is represented by a data element xi recorded in said data transmission system and by a local, read-only data element yi accessible locally in said terminal; during transmission, said method comprises a step of super-encrypting said content key CW using at least one invertible super-encryption function fi(xi), which depends on at least one of the properties Pi, i ranging from 1 to n, and upon reception, the value of said super-encrypted content key CW is recovered by applying to said super-encrypted content key CW the inverse super-encryption function fi^-1(yi) corresponding to the property Pi. EFFECT: efficient protection of multimedia content from illegal redistribution. 9 cl, 3 dwg

Method of transmitting and receiving multimedia content // 2541923
FIELD: information technology. SUBSTANCE: method includes steps of: a transmitter using an operating key and an encryption algorithm executable code in a virtual mother card to encrypt a control word CWt to obtain a cryptogram CWt*, using a syntax constructor executable code in the virtual mother card to generate an ECM (Entitlement Control Message) that incorporates the cryptogram CWt*, and transmitting said ECM to a terminal; the terminal receiving the ECM, determining the location of the cryptogram CWt* in the received ECM using syntax analyser executable code and then decrypting the cryptogram CWt* using the operating key and the encryption algorithm. EFFECT: safer data transmission. 14 cl, 6 dwg

Method of controlling decoders of at least one group of decoders having access to audiovisual data // 2541914
FIELD: radio engineering, communication. SUBSTANCE: invention relates to a broadcast encryption method. The technical result is achieved through a method of controlling decoders of at least one group of decoders, having access to audiovisual data, wherein the method comprises the following steps: at a step when the decoder should become a member of a group: obtaining and storing keys relating to a certain position in the group according to the broadcast encryption scheme; obtaining and storing current group access data containing at least the current group access key which is common for said group; at the step of accessing the audiovisual data: using the current group access data for direct or indirect access to audiovisual data; at the step of updating the current group access key: transmitting a first group message containing at least the next group access data containing at least the next group access key encrypted such that only uncancelled decoders can gain access thereto, wherein said group message is further encrypted by the current group access key (CGK); updating the current group access key using the next group access key. EFFECT: high efficiency of controlling access to broadcast content for a large number of subscribers by controlling access only based on keys. 5 cl, 4 dwg

Method and system for secure transmission of audiovisual content // 2541867
FIELD: physics, computer engineering. SUBSTANCE: invention relates to computer engineering. The invention can be implemented in a conditional access content broadcast system where it is desirable to identify and take measures against receiving equipment, applied when sharing control words. Owing to the requirement that receiving equipment used in the system transmits to a transmission station a conditional access content message at a precisely defined time, the invention provides a method through which a server identifies receiving equipment participating in the sharing of control words and prevents said receiver from further accessing said content. EFFECT: effective protection of transmitted content. 12 cl, 2 dwg

Chipset function activation method and chipset // 2541866
FIELD: physics, computer engineering. SUBSTANCE: invention relates to cryptography. A chipset function activation method includes: receiving at least one of the following elements: a segmentation key, a general purpose key and a global cryptographic algorithm selector; transmitting at least two of the following elements: an initial value, the obtained segmentation key, the general purpose key and the global cryptographic algorithm selector to a computation module, wherein the initial value, the obtained segmentation key, the general purpose key and the global cryptographic algorithm selector are provided by at least two different organisations; generating in the computation module a temporary key using one of the following elements: at least one cryptographic algorithm of the computation module and at least two elements selected from a group including the initial value, the segmentation key, the general purpose key and the global cryptographic algorithm selector; receiving an activation message using the computation module; receiving an authentication code of said message using the computation module, wherein said message authentication code is calculated using the temporary key; authenticating said received message using the message authentication code and the temporary key; if the received message is authentic, activating the corresponding chipset function; if the received message is not authentic, prohibiting activation of said corresponding chipset function. EFFECT: effective chipset protection. 11 cl, 1 dwg

Methods for decrypting, transmitting and receiving control words, recording medium and control word server to implement said methods // 2541190
FIELD: physics, computer engineering. SUBSTANCE: invention relates to information decryption methods. The method comprises steps of, in response to the absence in any of the terminals of one or more control words CWc for decrypting one or more multimedia content cryptoperiods, transmitting through said terminal to a control word server a request containing a cryptogram(s) of said one or more absent control words, and in response, transmitting by the control word server to said terminal said one or more absent control words, wherein the control word server selectively determines for each terminal the number of additional control words CWs intended for transmission to the terminal depending on the probability of compromising the protection of said additional control words, and besides the absent control words CWc, transmitting to said terminal said determined number of additional control words CWs, which enables the terminal to decrypt additional multimedia content cryptoperiods in addition to cryptoperiods decrypted using the requested absent control words CWc. EFFECT: ensuring secure transmission of control words. 10 cl, 6 dwg

Information processing device, information processing method, operation terminal and information processing system // 2536364
FIELD: radio engineering, communication. SUBSTANCE: apparatus comprises: a unit which stores a key used for encrypting or decrypting data; a unit which receives a key transmission request including a key-dividing number via a wireless signal from an operation terminal; a unit which acquires the key transmission request from the wireless signal received by the reception section; a unit which determines a security level when transmitting the key to the operation terminal, as a transmission security level; a unit which determines a transmission power in accordance with the transmission security level determined by the security level determination unit and the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit; a unit which acquires each key fragment by dividing the key stored in the storage unit into the key-dividing number; and a unit which transmits each key fragment acquired by the key acquisition unit, using the transmission power determined by the transmission power determination unit, via a wireless signal to the operation terminal. EFFECT: safer data transmission. 15 cl, 9 dwg

Network operation method, system control device, network and computer programme for said control // 2536362
FIELD: physics, computer engineering. SUBSTANCE: invention relates to a network operation method. A network comprises a node and a system control device. A system control device comprises a root key material which is a set of functions, each having a degree of complexity α, and a node is provided with a portion of key material of a node having a degree of complexity α extracted from the root key material. The system control device generates a portion of key material for an external user with a degree of complexity α from the root key material and generates an access identifier. The system control device generates access key material with a degree of complexity less than α from the portion of key material for the external user and generates a node identifier. The system control device provides the external user with a portion of access key material and the node identifier. The external user extracts a key from the portion of access key material and sends to the node said key and access identifier. The node calculates a key from the access identifier and the portion of node key material and compares the key sent by the external user and the key calculated by the node in order to identify the external user. EFFECT: improved security. 14 cl, 4 dwg

Method for secure communication in network, communication device, network and computer programme therefor // 2534944
FIELD: physics, computer engineering. SUBSTANCE: invention relates to methods of providing secure communication in a network. The method comprises an administration device provided with root keying materials, and the steps of: generating, by the administration device based on the root keying materials, parts of keying material of a first node containing a certain number of sub-elements, the parts of keying material of the first node being assembled for generating a first terminated key; selecting, by the administration device, a subset of sub-elements of the first parts of the keying material, wherein the number of selected sub-elements is less than or equal to the total number of sub-elements of the first parts of the keying material, and the selected sub-elements form partial parts of the keying material of the first node, or a symmetrical key generation mechanism; and generating, by the first node, based on the symmetrical key generation mechanism of the first node and on a second node identifier, a first key used to provide secure communication with a second node. EFFECT: more secure data transmission in a network. 6 cl, 7 dwg

Method for secure communication in network, communication device, network and computer programme therefor // 2528078
FIELD: physics, computer engineering. SUBSTANCE: invention relates to computer engineering and specifically to means of secure communication in a network. The method relates to secure transmission of information from a first node (N1) to a second node (N2) in a network, the first node comprising a first node keying material (KM(ID1)), the second node comprising a second node keying material (KM(ID2)), wherein the keying materials of the first node and of the second node each comprise a plurality of shared keying root parts formed by segments of the shared keying root parts. A communication network, having at least two communication devices, carries out said method. EFFECT: safer communication by dividing keys into segments for predistributed keying material according to a variable distribution. 13 cl, 5 dwg

Method of controlling access to set of channels for receiving or decoding device (versions) // 2519395
FIELD: physics, computer engineering. SUBSTANCE: invention relates to computer engineering. A method of controlling access to a set of channels using a receiver/decoder comprising a security module (SC), each channel being encrypted by a specific channel control word (CW1, CW2), each channel having a channel identifier and transmitting access control messages ECM containing at least the current channel control word and the channel access conditions. The method comprises the following steps: tuning to a first channel having a first channel identifier (ID1); transmitting the ID1 to the SC; receiving first access control messages ECM1 containing a first control word (CW1); transmitting the first access control messages ECM1 to the SC; decrypting the first access control messages ECM1 and verifying the channel access conditions; if the access conditions are met, transmitting the CW1 to the receiver/decoder; storing the CW1 and the ID1 in the SC; tuning to a second channel having a second channel identifier ID2; transmitting the ID2 to the SC; calculating, by the SC, the second control word (CW2) by performing the following steps: calculating a root control word (RK) with the inverse cryptographic function F^-1 using the CW1 and the ID1; calculating the CW2 with the cryptographic function F using the RK and the ID2; transmitting the CW2 to the receiver/decoder. EFFECT: reducing channel switching time when a user selects another channel. 9 cl, 3 dwg

Cryptographic secret key distribution // 2517408
FIELD: radio engineering, communication. SUBSTANCE: invention relates to distribution of a cryptographic secret key between a transmitting side and a receiving side. An apparatus for secure reception and transmission of data comprises a key generation controller and a unit for providing the number of iterations. EFFECT: facilitating automatic control of security and latency for generating a cryptographic secret key by setting a number of iterations, based on which the number of messages to be exchanged while generating the cryptographic secret key is controlled. 11 cl, 17 dwg

Wireless communication device, wireless data transmission system and wireless data transmission method // 2517059
FIELD: radio engineering, communication. SUBSTANCE: invention relates to a wireless communication device. The device includes: a plurality of communication modules for transmission, which are adapted to modulate and transmit a transmission object signal; the communication modules for transmission include at least one communication module for transmission in which a modulation method is employed, which is different from the modulation method employed in another communication module(s) for transmission. EFFECT: transmitting a signal appropriately even with low carrier frequency stability. 20 cl, 78 dwg

Optical network terminal management control interface-based passive optical network security enhancement // 2507691
FIELD: radio engineering, communication. SUBSTANCE: network component having a processor connected to memory and configured to exchange security information using a plurality of attributes in a management entity (ME) in an optical network unit (ONU) via an ONU management control interface (OMCI) channel, wherein the ME supports a plurality of security functions that protect upstream transmissions between the ONU and an optical line terminal (OLT). Also included is an apparatus having an ONU configured to connect to an OLT and having an OMCI ME, wherein the OMCI ME has a plurality of attributes that support a plurality of security features for upstream transmissions between the ONU and the OLT, and wherein the attributes are transmitted via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT. EFFECT: high security of data transmission in PON systems. 20 cl, 5 dwg, 6 tbl

Method for quantum encoding and transmission of cryptographic keys // 2507690
FIELD: radio engineering, communication.SUBSTANCE: the quantum cryptographic system not only makes it possible to detect any attempt to intrude into the communication channel, but also guarantees unconditional secrecy of the transmitted cryptographic keys, provided that the error in the primary keys at the receiving station does not exceed a certain critical value. The method involves generating polarisation states at the transmitting/receiving station for a series of classical synchronising laser pulses using a polarisation controller in one arm of an interferometer and a polarisation controller at the output of the interferometer, which together balance the interferometer for interference; after reflection from a mirror in the transformation station, a series of single-photon states is detected at the transmitting/receiving station, and the obtained photocount statistics are used to calculate the permissible error, which is then compared with a certain error threshold to obtain a cryptographic key known only at the transmitting/receiving and transformation stations.EFFECT: wider range of permissible polarisation distortions of laser and single-photon pulses when transmitting keys between the transmitting/receiving and transformation stations within which the secrecy of the cryptographic keys is guaranteed, and removal of the requirement to use a special Faraday mirror.2 dwg

Methods and apparatus for authentication and identification using public key infrastructure in IP telephony environment // 2506703
FIELD: radio engineering, communication.SUBSTANCE: invention relates to authentication methods and specifically to methods and an apparatus for authentication of subscribers in IP telephony networks. The technical result is achieved due to that the disclosed method for authentication through a user device when attempting to access an IP telephony network comprises steps of: obtaining one or more private keys of said user from secure memory associated with said user device; generating an integrity key and a ciphering key; encrypting said integrity key and said ciphering key using a session key; encrypting said session key with a public key of said IP telephony network; and providing said encrypted session key, encrypted integrity key and encrypted ciphering key to said IP telephony network for authentication using a public key infrastructure (PKI) coupled with an authentication and key agreement (AKA) mechanism.EFFECT: more secure communication.7 cl, 4 dwg

Creating and validating cryptographically secured documents // 2500075
FIELD: information technology.SUBSTANCE: entity having namespace ownership rights may create a document in an authorised namespace and sign the document with a private key. Other entities may validate that the document was created by an authorised namespace owner by using a public key available in security data associated with a parent document of the document. For a root document, the public key may be available from a directory service. A namespace owner may change the namespace owner(s) that are allowed to create children of a document.EFFECT: protecting documents from unauthorised access.20 cl, 9 dwg

Secure authenticated channel // 2488226
FIELD: radio engineering, communication.SUBSTANCE: there are two peers with knowledge of a common Diffie-Hellman permanent key, Kperm, and the identity and public key of the other peer. A first peer chooses a first ephemeral private key x and calculates the first corresponding ephemeral public key g^x, which is sent to the second peer. The second peer calculates a second ephemeral public key g^y in the same manner, and an ephemeral shared key Keph, hashes g^y, Keph, Kperm, and its identity, and sends g^y and the hash to the first peer. The first peer calculates Keph, verifies the hash, and hashes g^x, Keph, Kperm, and its identity, and sends it to the second peer that verifies this hash. Thereafter, both peers obtain a session key by hashing Keph. The apparatus may then use the session key to establish a secure authenticated channel (SAC).EFFECT: high cryptographic robustness of a secure authenticated channel.5 cl, 1 dwg
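The three-message exchange of abstract 2488226, written out with both peers' messages, as an added example that is not part of the patent text or of any product implementing it. Assumptions of the example: Kperm is taken to be the static Diffie-Hellman key g^(ab) that each peer computes from its own long-term private key and the other peer's public key; the hash is SHA-256 over length-prefixed inputs; the group is a demo-sized Mersenne-prime group chosen so the code runs instantly, not a group anyone should deploy. The names Peer, run_sac, msg1/msg2/msg3 and the identities are inventions of the example.

```python
import hashlib
import hmac
import secrets

# Demo-sized group: 2**127 - 1 is a Mersenne prime. This is an assumption of the
# example; a deployment would use a standardised group (an RFC 3526 MODP group
# or an elliptic-curve group).
P = 2**127 - 1
G = 3
ELEM_LEN = (P.bit_length() + 7) // 8


def enc(n: int) -> bytes:
    """Fixed-width big-endian encoding of a group element."""
    return n.to_bytes(ELEM_LEN, "big")


def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so (g^y, Keph, Kperm, id) cannot be re-split."""
    m = hashlib.sha256()
    for part in parts:
        m.update(len(part).to_bytes(4, "big"))
        m.update(part)
    return m.digest()


def rand_exponent() -> int:
    return secrets.randbelow(P - 2) + 1


def check_element(v: int) -> int:
    """Reject the trivial elements 0, 1 and P-1 that would fix Keph for everyone."""
    if not 1 < v < P - 1:
        raise ValueError("invalid ephemeral public key")
    return v


class Peer:
    def __init__(self, identity: bytes):
        self.identity = identity
        self.static_priv = rand_exponent()             # long-term DH private key
        self.static_pub = pow(G, self.static_priv, P)  # long-term DH public key

    def learn_peer(self, peer_identity: bytes, peer_static_pub: int) -> None:
        """Out-of-band prerequisite: the other peer's identity and public key, from
        which the permanent shared key Kperm = g^(ab) is computed."""
        self.peer_identity = peer_identity
        self.k_perm = enc(pow(peer_static_pub, self.static_priv, P))

    # message 1, first peer -> second peer: g^x
    def msg1(self) -> int:
        self.eph_priv = rand_exponent()
        self.eph_pub = pow(G, self.eph_priv, P)
        return self.eph_pub

    # message 2, second peer -> first peer: g^y, H(g^y, Keph, Kperm, id_second)
    def msg2(self, gx: int):
        self.peer_eph_pub = check_element(gx)
        self.eph_priv = rand_exponent()
        self.eph_pub = pow(G, self.eph_priv, P)
        self.k_eph = enc(pow(gx, self.eph_priv, P))
        tag = h(enc(self.eph_pub), self.k_eph, self.k_perm, self.identity)
        return self.eph_pub, tag

    # message 3, first peer -> second peer: H(g^x, Keph, Kperm, id_first)
    def msg3(self, gy: int, tag: bytes) -> bytes:
        check_element(gy)
        self.k_eph = enc(pow(gy, self.eph_priv, P))
        expected = h(enc(gy), self.k_eph, self.k_perm, self.peer_identity)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("second peer failed authentication")
        return h(enc(self.eph_pub), self.k_eph, self.k_perm, self.identity)

    def verify_msg3(self, tag: bytes) -> None:
        expected = h(enc(self.peer_eph_pub), self.k_eph, self.k_perm, self.peer_identity)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("first peer failed authentication")

    def session_key(self) -> bytes:
        """Both sides end with SessionKey = H(Keph)."""
        return hashlib.sha256(self.k_eph).digest()


def run_sac(mitm: bool = False):
    """Run the exchange. With mitm=True the second peer holds a Kperm built from an
    impostor's public key, which must make the first peer reject message 2."""
    first, second = Peer(b"first-peer"), Peer(b"second-peer")
    impostor = Peer(b"first-peer")                      # knows neither static key
    first.learn_peer(b"second-peer", second.static_pub)
    second.learn_peer(b"first-peer", impostor.static_pub if mitm else first.static_pub)

    gx = first.msg1()
    gy, tag2 = second.msg2(gx)
    tag3 = first.msg3(gy, tag2)                         # raises ValueError on a bad Kperm
    second.verify_msg3(tag3)
    return first.session_key(), second.session_key()
```

The point of the two tags is that an ephemeral Diffie-Hellman exchange alone authenticates nobody; binding Kperm and the sender's identity into each hash is what stops an impostor who can compute Keph but not Kperm, and including g^y (respectively g^x) in the hash ties the tag to this run's ephemeral values.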

Generation of cryptographic key // 2480925
FIELD: radio engineering, communication.SUBSTANCE: a method for generating a cryptographic key (120) to protect communication between two entities (202, 204) is proposed. The method is performed by the first entity (202, 302) as part of a distributed security operation initiated by the second entity (204, 304) and includes the steps of: providing (306) at least two parameters (106, 108), of which the first parameter (106) contains or is derived from a set of cryptographic keys (110, 112) computed by the first entity (202) when performing the security operation, and the second parameter (108) contains or is derived from a marker (116) that takes a different value at each initiation of the security operation by the second entity (204, 304) for the first entity (202, 302); and applying (308) a key derivation function to generate the cryptographic key (120) from the provided parameters (106, 108). The marker (116) contains the exclusive OR of the sequence number <SQN> and the anonymity key <AK>.EFFECT: improved security of communication.20 cl, 10 dwg

Information processing device, control method realised by information processing device, data medium and program // 2470469
FIELD: physics, computer engineering.SUBSTANCE: invention relates to information processing and specifically to an information processing device for policy information (PI) to be registered. The technical result is achieved in that the device includes: a registration module (RM) which registers policy information units (PIU) in a data storage module (DSM) according to a priority order, each PIU including a communication partner device (CPD) address and the key information used for communication with that CPD; a selection module which selects from the DSM the PI to be used for communication with a CPD according to the CPD address and the priority order of the PIU; and a control module which, if the CPD address in the PI to be registered by the RM is included in the CPD address of a PI already registered in the DSM, arranges the registration so that the priority order of the PI to be registered is set lower than the priority order of the PI whose address includes the CPD address of the PI to be registered.EFFECT: easier use.14 cl, 26 dwg

Method and device for use in telecommunications system // 2466503
FIELD: information technologies.SUBSTANCE: the method is used in a Mobility Management Entity (13), MME, of an Evolved Packet System, EPS, to establish a security key, K_eNB, for protecting RRC/UP traffic between user equipment (11), UE, and the eNodeB node (12) serving the UE. The method includes the steps of: receiving a NAS service request (32, 52) from the UE, the request indicating a NAS uplink sequence number, NAS-U-SEQ; deriving (33, 53) the security key K_eNB at least from the received NAS-U-SEQ and from the stored Access Security Management Entity key, K_ASME, shared with the UE; and sending (34) the derived K_eNB to the eNodeB node (12) serving the UE.EFFECT: reduced load on the network during data transfer.23 cl, 7 dwg
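Abstracts 2480925 and 2466503 describe two steps of one key hierarchy: a key derived from the AKA key set plus a per-authentication marker SQN xor AK, and a K_eNB derived from K_ASME plus the NAS uplink sequence number. The following is an added example, not text or code from either patent. It assumes the parameter layout of the 3GPP KDF (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1, as in TS 33.220 Annex B, with the FC values used for K_ASME and K_eNB in TS 33.401); the abstracts themselves do not name a concrete function, so that choice, the helper names, and all sample key material are assumptions of the example.

```python
import hashlib
import hmac

# Constructed sample inputs for this example (not real subscriber material).
CK = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")   # AKA cipher key, 128 bit
IK = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")   # AKA integrity key, 128 bit
SN_ID = bytes.fromhex("130184")                          # serving network id (PLMN), 3 bytes
AK = bytes.fromhex("a1b2c3d4e5f6")                       # anonymity key, 48 bit


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), Li = 2-byte length of Pi
    (generic KDF layout of 3GPP TS 33.220 Annex B, assumed by this example)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """K_ASME from the AKA key set CK||IK (first parameter) and the marker
    SQN xor AK (second parameter), which takes a new value on every authentication."""
    if (len(ck), len(ik), len(sn_id), len(sqn_xor_ak)) != (16, 16, 3, 6):
        raise ValueError("unexpected parameter length")
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)


def derive_kenb(kasme: bytes, nas_uplink_count: int) -> bytes:
    """K_eNB from K_ASME and the 32-bit NAS uplink COUNT taken from the service request."""
    if not 0 <= nas_uplink_count < 2**32:
        raise ValueError("NAS uplink COUNT must fit in 32 bits")
    return kdf(kasme, 0x11, nas_uplink_count.to_bytes(4, "big"))


def key_hierarchy(sqn: int, nas_uplink_count: int):
    """Keys for one authentication run (sequence number sqn) and one service request."""
    marker = xor(sqn.to_bytes(6, "big"), AK)            # SQN xor AK, as carried in AUTN
    kasme = derive_kasme(CK, IK, SN_ID, marker)
    return kasme, derive_kenb(kasme, nas_uplink_count)
```

Two properties worth checking in a real implementation are the ones the abstracts rely on: re-running the authentication with a new SQN changes K_ASME even though CK and IK are unchanged, and a new service request with a higher NAS uplink count yields a fresh K_eNB without a new authentication run.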

System, device and method of wireless data transfer // 2464718
FIELD: information technologies.SUBSTANCE: system of wireless data transfer comprises the following: a communication module designed for transfer; and a communication module designed for reception. Communication modules designed for transfer and reception are located in a body of one and the same electronic device, or the communication module designed for transfer is installed in the body of the first electronic device, and the communication module designed for reception is installed in the body of the second electronic device, and a wireless data transfer channel providing for possibility of wireless data transfer between communication modules is generated between communication modules, when the first and second electronic device are arranged in specified positions for integration with each other. The communication module designed for transfer comprises a module to generate the first carrier signal and the first frequency converter, and a communication module designed for reception includes a module to generate the second carrier signal, and the second frequency converter.EFFECT: reduced power consumption, effects of signal distortion, unwanted radiation.20 cl, 70 dwg

Providing digital identification presentations // 2463715
FIELD: information technology.SUBSTANCE: method of providing a digital identification presentation for a participant comprises steps for generating a first digital identification presentation descriptor and a second digital identification presentation descriptor according to a predetermined policy which determines which descriptors are available for a participant; sending the first and second digital identification presentation descriptors to the participant; receiving a request from the participant for at least the first digital identification presentation corresponding to the first digital identification presentation descriptor; forming at least the first digital identification presentation.EFFECT: high security.18 cl, 9 dwg

Wireless communication device, wireless data transfer system and method of wireless data transfer // 2459368
FIELD: information technologies.SUBSTANCE: the wireless transfer device comprises multiple communication modules for transmission, adapted to modulate and transmit a transmission object signal; the communication modules for transmission include one or more communication modules in which an amplitude-modulating method is used, and one or more communication modules in which a modulation method is used that modulates at least the phase or the frequency and requires lower transmit power than the amplitude-modulating method.EFFECT: reduced power consumption, which otherwise grows with the amount of transmitted information and the transfer speed.20 cl, 78 dwg

Device of quantum distribution of cryptographic key on modulated radiation frequency subcarrier // 2454810
FIELD: information technologies.SUBSTANCE: the device for quantum key distribution on subcarrier frequencies of modulated radiation differs in that the electro-optic phase modulator in the receiving device is made up of two electro-optic phase modulators arranged in series along the beam path, the control inputs of which are connected to the first and second outputs of a phase shift device respectively; in addition, the output of the first electro-optic phase modulator is optically coupled with the output of the second electro-optic phase modulator, downstream of the modulators along the beam path there is a Faraday mirror optically coupled with the input of the second electro-optic phase modulator, and an optical circulator is introduced, the first port of which is optically coupled with the fibre-optic communication line, the second port with the input of the first electro-optic phase modulator, the third port with a spectral filter and the fourth port with the input of a single-photon receiver; the synchronisation device has third and fourth outputs, which are connected to the synchronisation inputs of the phase shift devices in the receiving and transmitting devices respectively.EFFECT: reduced quantum error rate, higher transfer speed and stronger protection of the cryptographic key.2 dwg

Apparatus for processing coding based on packet coding algorithm // 2452112
FIELD: information technology.SUBSTANCE: apparatus for processing coding based on a block coding algorithm comprises a key expansion block and a coding block. The key expansion block comprises a registering component of key expansion block data and at least one transform component of the key expansion block data. The coding block comprises a registering component of coding block data and at least one transform component of the coding block data. The number of transform components of the coding block data is the same as the number of transform components of the key expansion block data, the two being in one-to-one correspondence. The subkey output of every transform component of key expansion block data is connected to the corresponding subkey input of every transform component of coding block data.EFFECT: reduced resource consumption of the apparatus for processing coding.9 cl, 6 dwg

Terminal activation method // 2440683
FIELD: information technology.SUBSTANCE: method involves obtaining first encrypted activation information from an operator, obtaining second encrypted activation information from an authorised server, decrypting the first and second encrypted activation information using at least one encryption key assigned to a terminal and stored in the memory of a payment terminal, and using the first and second activation information to activate the payment terminal.EFFECT: preventing unauthorised access to information.9 cl, 2 dwg

Radio modem // 2439820
FIELD: radio engineering.SUBSTANCE: the device comprises an analogue-to-digital converter (1), interfaces (2, 4, 14, 22, 27, 43, 46), a control unit (3), codecs (7, 51, 52, 53, 54, 55), antenna feeder units (5, 34), switches (6, 9, 11, 33, 44), adders (8, 10, 41, 42), a packet unit (12), a transmitting unit (13), frequency synthesisers (15, 21, 56, 47), registers (16, 17, 18, 19, 23, 29, 40, 49, 50), a code sequence generator (20), cryptographic protection units (24, 25, 38, 39), a clock pulse oscillator (26), shift registers (28, 57), an amplifying converter unit (30), a phase-locked loop unit (31), a receiving unit (32), a signal element identification unit (35), k comparison circuits (36.1 ... 36.k), a multiplexer (37), a digital-to-analogue converter (45) and a comparator (48). The device forms, transmits and receives a packet containing cryptographically protected information, using a combination code determined by first and second pseudorandom numbers (PRN1 and PRN2) and a synchronisation sequence; in addition, each of the two parts of the packet is modulated at a different frequency determined by PRN2.EFFECT: provision of a secure mode of operation, with self-recovery, for a packet-data radio network of mobile subscribers under passive enemy attacks.6 dwg

Method and device for sharing secret information between devices in a home network // 2437229
FIELD: information technologies.SUBSTANCE: according to the proposed method, predetermined initial information is transmitted to the second device; a message containing secret information encrypted with a predetermined public key is received from the second device; a private key corresponding to the public key is generated on the basis of the initial information and personal information entered by a user into the first device in accordance with a predetermined IBE (identity-based encryption) scheme; and the secret information contained in the message is decrypted using the private key, the public key having been generated by the second device on the basis of the initial information and personal information entered by a user into the second device in accordance with the IBE scheme.EFFECT: improved network efficiency.26 cl, 9 dwg

Method of descrambling scrambled content data object // 2433548
FIELD: information technology.SUBSTANCE: in the method, a first key (24) is used to establish each channel key (24, 27), and at least one cryptogram of data in a message (33) received from a conditional access sub-system (3) over a data transmission channel is decrypted under the associated channel key. As a result of that decryption, at least one content descrambling key is obtained. At least part of the scrambled content data object (50a-50j) is descrambled by applying at least one decryption operation under a key (40, 46) at least partly derivable from at least one content descrambling key (37) and under a key at least partly derivable from the first key (24).EFFECT: preventing imitation of a conditional access system.27 cl, 5 dwg

Systems and methods for determining time delay for sending key update request // 2432692
FIELD: information technology.SUBSTANCE: the method for determining the time delay before sending an update request between an authentication server and a node comprises steps in which a first update request is sent on expiry of a first random delay, first load data are received, a second update request is sent on expiry of a maximum update parameter received from the authentication server beforehand, second load data are received, and the first load data are compared with the second load data. The next update time is adjusted if the first load data differ from the second load data.EFFECT: reduced load on the authentication server.19 cl, 8 dwg

Method of quantum coding and transmission of cryptographic keys // 2427926
FIELD: information technologies.SUBSTANCE: a method of quantum coding and transmission of cryptographic keys, in which single-photon states are subjected to combined phase-time transformations at the transmitting and receiving stations. At the receiving station, reference time windows are generated in addition to the information time windows, and a series of single-photon states is detected in both the information and the reference time windows. Using the resulting photocount statistics, the permissible error in the information time windows is calculated and then compared with a threshold error value for the information time windows to produce a cryptographic key known only at the transmitting and receiving stations.EFFECT: wider range of errors in the transmitted keys at the receiving station.3 dwg, 4 tbl

Key allocation for secure messaging // 2425450
FIELD: information technology.SUBSTANCE: an electronic message is encrypted using a symmetric key associated with the domain of the sending agent, and the symmetric key is encrypted using a public encryption key associated with another domain, that of the receiving agent, which is preferred by the message recipient, to obtain an encrypted version of the symmetric key that is decrypted by the other domain's gateway using a public verification key retrieved by that gateway and a private key stored locally in the other domain, the private key being the counterpart of the public encryption key. The encrypted version of the electronic message is then sent through the gateway, on behalf of the sending agent, to the receiving agent via the other gateway.EFFECT: high security of transmitted messages.13 cl, 4 dwg

Deterministic key pre-distribution and operational key management for mobile body sensor networks // 2420895
FIELD: information technology.SUBSTANCE: wireless network for monitoring a patient comprises a body sensor network that includes one or more wireless sensors connected to the patient that collect and transfer information related to the patient's health to the wireless network. A set-up server configures one or more wireless sensors with keying materials before one or more sensors are deployed to the wireless network. A base station distributes a key certificate to one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part on the pre-distributed keying material and the key certificate distributed by the base station.EFFECT: more secure connection.23 cl, 15 dwg

Systems and methods for reconnecting second node group with first node group using group common key // 2420894
FIELD: information technology.SUBSTANCE: according to the method for reconnecting a second node group with a first node group, a first status of a first key of the group associated with the first node group is established. The first status of the first key of the group is multicast to the second node group. The first key of the group is replaced by a second key associated with the second node group. A second status, which includes the second key of the group, is prepared and multicast to the second node group. A third status is established, which includes a third key of the group, associated with the first node group. An instruction for re-entering the key is multicast to the second node group if the third status differs from the second status. The second key of the group is replaced by the third key.EFFECT: high reliability of communication between node groups.20 cl, 7 dwg
 