CN109245895B - System and method for detecting corrupted data

Publication number
CN109245895B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810840630.8A
Other languages
Chinese (zh)
Other versions
CN109245895A (en)
Inventor
德米特里·A·库拉基尼
帕维尔·V·迪亚金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kaspersky Lab AO
Original Assignee
Kaspersky Lab AO
Priority claimed from RU2018104435A
Application filed by Kaspersky Lab AO
Publication of CN109245895A
Application granted
Publication of CN109245895B

Abstract

The invention discloses a system and a method for detecting corrupted data, and systems and methods for securing data. A MAC is sequentially calculated for each selected message from a data record containing at least two messages. To construct a data block, a pre-set encryption key is used for the first message, and the encryption key of the previous message is used for each subsequent message. Data record corruption may be determined based on an independent calculation of the data blocks and the MAC.

Description

System and method for detecting corrupted data
RELATED APPLICATIONS
This application claims priority from Russian application No. 2018104435 filed on 6.2.2018, which is incorporated herein by reference in its entirety.
Technical Field
The present invention relates to data storage technology, and more particularly, to a system and method for ensuring information security of data using a limited number of computing resources.
Background
With the popularity of various computing devices (personal computers, notebooks, smartphones, etc.) and in particular embedded systems (microcontrollers, data storage systems, etc.), the recent rapid development of computer technology has led to the use of such devices in various fields of activity and in a large number of tasks (from surfing the web to refrigerator control to collecting data from automotive sensors). In parallel with the growing number of computing devices being used, the amount of data processed by these devices has increased, which in turn makes it necessary to ensure the information security of the data collected and processed.
Using inaccurate or incomplete information can cause significant damage and financial loss. For example, in the banking industry, the replacement of user personal data may result in a loss of funds to bank customers. In the financial industry, inaccurate or incomplete information can result in billions of losses and paralyze the operation of stock exchanges. In the insurance industry, counterfeit information can lead to illegal payments and loss to the insurance company.
To ensure information security of data, i.e., to protect data from modification, deletion, or replacement, various techniques are currently being used, including data backup, symmetric and asymmetric encryption of data, noise-resistant encoding of data, and blockchain techniques.
For example, U.S. patent application publication No. 2003/0236992 describes a system for protecting data records (logs) from unauthorized modification. To validate each message from the record, a symmetric encryption key and a message authentication code are used. Each newly received message from the data record is encrypted based on the symmetric key calculated for the previously received message; to confirm the correctness of the message, a message authentication code is calculated and associated with the current message. This allows for determining any changes made to the record after processing the previous message and before processing the current message.
The above system can protect data from modification, deletion, or replacement, but only when sufficient computing resources are available (processor time, RAM, space on removable media, etc.). Furthermore, such solutions lack efficiency when the amount of computational resources or the time allowed for data processing is limited.
Therefore, there is a need to ensure information security of data using a limited amount of computing resources.
Disclosure of Invention
Embodiments address the above-described problem to ensure information security of data using a limited number of computing resources.
In an embodiment, a system for detecting compromised data includes a computing platform comprising computing hardware of at least one processor and a memory operably coupled to the at least one processor; and instructions that, when executed on the computing platform, cause the computing platform to implement: an encryption key construction tool configured to construct an initial pre-set key based on at least one characteristic of the encryption key construction tool and to construct an encryption key based on a previously constructed key; a Message Authentication Code (MAC) calculation tool configured to receive the initial pre-set key and the encryption key from the encryption key construction tool, intercept a first message related to an event and a second message related to the event, sequentially generate MACs for the first message and the second message, wherein the MAC is generated for the first message based on the initial pre-set key and the first message, and the MAC is generated for the second message based on the encryption key for the second message and the data block constructed for the second message, the data block comprising the second message and the MAC generated for the first message, and wherein the previously constructed key for the second message is the initial pre-set key, write a record to a data record, the record including the first message and the second message and the MAC generated for the second message, and write data from the data record to a message library; an inspection determination tool configured to intercept the event based on a preset rule and determine whether to perform a data corruption inspection using the intercepted event and the message library data; and an inspection tool configured to analyze each record received from the inspection determination tool to determine whether the MAC in the record matches the expected MAC and to indicate data corruption when the MAC in the record does not match the expected MAC.
In an embodiment, a method for detecting corrupted data in a data record includes: sequentially computing MACs for a first message in a data record and a second message in a data record, wherein a MAC is generated for the first message based on an initial pre-set key and the first message, and a MAC is generated for the second message based on an encryption key for the second message and a data block constructed for the second message, the data block including the second message and the MAC generated for the first message, and wherein a previously constructed key for the second message is the initial pre-set key; writing a record to a message database, the record including the first and second messages and the MAC generated for the second message; analyzing each record to determine if a MAC in the record matches an expected MAC; and indicating data corruption when the MAC in the record does not match the expected MAC.
In an embodiment, a system for detecting compromised data in a vehicle data record comprises: a vehicle comprising at least one vehicle sensor engine configured to detect a first characteristic of the vehicle at a first time and write a first message comprising the first characteristic of the vehicle and a first timestamp corresponding to the first time to the vehicle data record, and to detect a second characteristic of the vehicle at a second time and write a second message comprising the second characteristic of the vehicle and a second timestamp corresponding to the second time to the vehicle data record, at least one processor and a memory operatively coupled to the at least one processor, the memory comprising instructions that, when executed on the at least one processor, cause the at least one processor to implement a Message Authentication Code (MAC) calculation tool configured to sequentially generate MACs for the first message and the second message, wherein the MAC is generated for the first message based on an initial pre-set key and the first message, and a MAC is generated for the second message based on an encryption key for the second message and a data block constructed for the second message, the data block comprising the second message and the MAC generated for the first message, and wherein a previously constructed key for the second message is the initial pre-set key, and to write a record to a data record, the record comprising the first and second messages and the MAC generated for the second message; and a server operatively coupled to the vehicle and comprising a message library configured to store data records, at least one server processor and a server memory operatively coupled to the at least one server processor, the server memory comprising instructions that, when executed on the at least one server processor, cause the at least one server processor to implement: a check determination tool configured to receive the first message or the second message and to use the received message and the data records to determine whether to perform a data corruption check; and an inspection tool configured to analyze each data record received from the check determination tool to determine whether a MAC in the data record matches an expected MAC and to indicate data corruption when the MAC in a data record does not match an expected MAC.
The above summary is not intended to describe each illustrated embodiment or every implementation of the subject matter thereof. The figures and the detailed description that follow more particularly exemplify various embodiments.
Drawings
The subject matter of the present invention may be more completely understood in consideration of the following detailed description of various embodiments in connection with the accompanying drawings, in which:
FIG. 1 is a block diagram of a system for detecting compromised data, according to an embodiment.
Fig. 2 is a flow diagram of a method for detecting corrupted data according to an embodiment.
FIG. 3 is a block diagram of a system for detecting damaged vehicle data, according to an embodiment.
FIG. 4 is a block diagram of a computer system configured to implement an embodiment.
While various embodiments are amenable to various modifications and alternative forms, specifics thereof have been shown by way of example in the drawings and will be described in detail. It should be understood, however, that the intention is not to limit the claimed invention to the particular embodiments described. On the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the subject matter as defined by the appended claims.
Detailed Description
It is an object of embodiments described herein to ensure information security of data. The technical result of the present invention is to determine the occurrence of any corrupted data by analyzing the difference between MACs (message authentication codes) calculated based on the data.
Accordingly, a technical result is achieved by using a data corruption determination system, which in an embodiment comprises: a MAC calculation tool configured to sequentially calculate a MAC for each selected message from a data record comprising at least two messages, wherein calculating the MAC includes: for a first selected message, calculating a MAC based on a pre-set encryption key and the selected message; for each subsequent message following the first selected message, constructing an encryption key based on the encryption key constructed for the previously selected message; constructing a data block based on the selected message and the MAC computed for the previously selected message; calculating a MAC based on the constructed encryption key and the data block; and writing a record containing the last calculated MAC and all selected messages to the message library; an inspection determination tool configured to: intercept an event matching a preset rule, the event occurring when a message is recorded in a data record; determine whether it is necessary to perform a check for data corruption based on the intercepted event and then transmit selected records from the message library to an inspection tool; and an inspection tool configured to analyze the record, comprising: sequentially calculating a MAC for each message contained in the received record, including: for the first message, calculating a MAC based on a preset encryption key and the selected message; for each subsequent message following the first message, constructing an encryption key based on the encryption key constructed for the previously selected message; constructing a data block based on the selected message and the MAC computed for the previously selected message; calculating a MAC based on the constructed encryption key and the data block; comparing the calculated MAC to the MAC contained in the selected record; and, if the calculated MAC does not match the MAC contained in the selected record, determining that the data is corrupted.
In an embodiment, the data record analysis tool and the message library interaction tool operate on the client side, while the message library interaction tool, the record analysis tool, and the determination tool operate on the server side.
In an embodiment, the data corruption determination system uses a cryptographic hash function to construct the encryption key.
In an embodiment, the message library interaction tool saves the record to the message library upon request.
In an embodiment, a method for determining compromised data includes a process performed using a tool from a data corruption determination system. For example, the processing may include sequentially calculating a MAC for each selected message from a data record containing at least two messages; for this purpose, for a first selected message, a MAC is calculated based on a preset encryption key and the selected message; for each subsequent message following the first selected message, constructing an encryption key based on the encryption key constructed for the previously selected message; constructing a data block based on the selected message and the MAC computed for the previously selected message; calculating a MAC based on the constructed encryption key and the data block; a record containing the last calculated MAC and all selected messages is saved to a message library; performing an analysis of each selected record from the message library, for which purpose a first MAC calculation phase is performed sequentially for each message contained in the selected record; comparing the calculated MAC to the MACs contained in the selected record; based on a negative result of the performed comparison, it is determined that the data record is corrupt.
In an embodiment, encryption key construction and MAC calculation may be performed on the client side, while record analysis and the determination of whether data is corrupted are performed on the server side.
In an embodiment, the method of determining compromised data constructs the encryption key using a cryptographic hash function.
Objects and features of the present invention and methods for accomplishing the same will become apparent by reference to the exemplary embodiments. However, the present invention is not limited to the exemplary embodiments disclosed herein, and may be implemented in various forms. The statements provided in this specification merely represent specific details that are necessary to provide a thorough understanding of the present invention; the invention is defined within the scope of the appended claims.
Certain terms are used throughout this disclosure, as those skilled in the art will readily understand. For example, message authentication may include protection of a cryptographic communication system or another cryptographic system against the imposition of false data. In other words, message authentication provides data protection to prevent unauthorized modification or to protect message integrity.
In another example, a Message Authentication Code (MAC) may be an element that ensures message authentication in protocols whose participants trust each other. In an embodiment, the MAC may include a set of special symbols added to the message and intended for message integrity verification and data source authentication.
In another example, a symmetric key algorithm may include a data encryption system or process in which the same cryptographic key is used for encryption and decryption of data.
In another example, an asymmetric key algorithm (e.g., a public key cryptosystem) may include an encryption system or process in which a public key is sent using a public (i.e., unprotected or observable) channel and used to encrypt the message. To decrypt the message, the private key is used. The private key is kept secret by the party that needs to decrypt the encrypted data; it is not provided to others.
In another example, cryptographic strength may include the ability of a cryptographic algorithm to resist cryptanalysis. An algorithm is considered strong if a successful attack on it requires an attacker to have a practically unattainable amount of computing resources or of intercepted open or encrypted messages, or to spend so much time on decryption that the protected information loses its value by the time it is decrypted.
Referring to FIG. 1, a block diagram of a system 100 for detecting compromised data is depicted, according to an embodiment. The data corruption determination system 100 generally includes a data record 130, an encryption key construction tool 110, a MAC calculation tool 120, a message library 140, an inspection determination tool 150, and an inspection tool 160.
Some subsystems of system 100 include various engines or tools, each of which is constructed, programmed, configured, or otherwise adapted to autonomously perform a function or group of functions. The term "engine" as used herein is defined as a real-world device, component, or arrangement of components implemented using, for example, hardware, such as by an Application Specific Integrated Circuit (ASIC) or Field Programmable Gate Array (FPGA), or as a combination of hardware and software, such as by a microprocessor system and a set of program instructions adapting the engine to implement specific functions that, when executed, transform the microprocessor system into a special purpose device. The engine may also be implemented as a combination of both, with some functions being assisted solely by hardware and other functions being assisted by a combination of hardware and software. In some implementations, at least a portion of the engine, and in some cases all of the engine, may execute on one or more processors of one or more computing platforms comprised of hardware (e.g., one or more processors, data storage devices such as memory or drive storage, input/output facilities such as network interface devices, video devices, keyboards, mice or touch screen devices, etc.) that execute operating systems, system programs, and application programs, while also implementing the engine using multitasking, multithreaded processing, distributed processing (e.g., clustering, peer-to-peer, cloud, etc.), or other such techniques, as appropriate. Accordingly, each engine may be implemented in a variety of physically realizable configurations, and generally should not be limited to any particular implementation illustrated herein, unless such limitations are explicitly invoked. In addition, the engine itself may be composed of more than one sub-engine, where each sub-engine may be considered its own engine.
Further, in the embodiments described herein, each of the various engines corresponds to a defined autonomic function; however, it should be understood that in other contemplated embodiments, each function may be assigned to more than one engine. Likewise, in other contemplated embodiments, multiple defined functions may be implemented by a single engine performing those multiple functions, possibly side-by-side with other functions, or distributed differently among a set of engines, other than as specifically shown in the examples herein.
In an embodiment, the system 100 is configured on a client-server architecture: the client side includes data records 130 and executes encryption key construction tool 110 and MAC calculation tool 120; the server side includes a message library 140 and inspection rules 151, and executes an inspection determination tool 150 and an inspection tool 160.
For example, the client portion may be located in an automobile and collect data on automobile behavior parameters for an insurance company, while the server portion may be located at the insurance company (operating with the insurance company's equipment). In such a case, the client portion may be vulnerable to malicious attacks (e.g., attempts to modify data on vehicle behavior parameters such as speed, engine operating characteristics, geographic location, etc.), while the server portion may be reliably protected from any type of malicious attack, so that the results of client data analysis using the resources of the server portion are trusted. Additional details regarding such an embodiment are also depicted in FIG. 3.
In response to various external actions, an event 101 may occur in the system 100. In an embodiment, at least one resulting message 102 is constructed for each event. Message 102 may represent data including characteristics and/or timestamps of event 101.
For example, every 0.01 seconds (event 101, the occurrence of the data collection time), a sensor installed in the automobile engine receives an engine RPM value. Based on the received data, a message 102 is created, which includes information about the time of occurrence of the event, the type of event and the characteristics of the event:
163625324 → timer → engine → RPM → 8450
and has the following hexadecimal format:
0x09C0B96C00010210000100002102.
The encryption key construction tool 110 is configured to construct an initial pre-shared key $pk_0$ based on characteristics of the encryption key construction tool 110, and to construct an encryption key $pk_n$ based on the previously constructed encryption key:
$pk_n = g(pk_{n-1})$,
where:
$g$ is an encryption key construction function;
$pk_{n-1}$ is a previously constructed encryption key;
$pk_n$ is the currently constructed encryption key.
The encryption key construction tool 110 is also configured to send the constructed encryption key to the MAC calculation tool 120.
In an embodiment, the encryption key is constructed upon request from the MAC calculation tool 120.
In yet another embodiment, the characteristics of encryption key construction tool 110 are represented by the time received from an accurate clock built into encryption key construction tool 110.
In yet another embodiment, the initial pre-shared key $pk_0$ is constructed based on at least one of: the first message 102 $m_1$, or the time of occurrence of the event 101 characterized by the first message 102 $m_1$.
In another embodiment, encryption key construction tool 110 is a Hardware Security Module (HSM) or a software tool operating on an HSM. The HSM is physically protected from hacking, making unauthorized access to the functions of encryption key construction tool 110 impossible. In other words, the HSM physically prevents malicious attempts to gain control of encryption key construction tool 110, to obtain data from encryption key construction tool 110, and the like.
In yet another embodiment, the initial pre-shared key $pk_0$ is contained in encryption key construction tool 110 and preset before the data corruption determination system starts operating. For example, when using an HSM, the initial pre-shared key is built during the creation and programming of the HSM.
In an embodiment, a cryptographically strong one-way hash function is used to construct the encryption key. In yet another embodiment, at least one of the following is used as the cryptographic hash function for constructing the key: a public-key asymmetric encryption function, in which case the public encryption key is contained in the encryption key construction tool 110 and is set in advance before the start of system operation, and the private encryption key is contained in the inspection tool 160; or a symmetric encryption function, in which case the encryption key is contained in both the encryption key construction tool 110 and the inspection tool 160 and is set in advance before system operation starts.
Thus, using physical protection against hacking, cryptographic methods for constructing the encryption key, and so on, ensures the cryptographic strength of the constructed encryption keys, which inhibits or prevents violators from constructing their own encryption keys using substituted characteristics of the encryption key construction tool 110 (e.g., the time of constructing the encryption key and the time of creation of the message 102).
When an asymmetric encryption function is used as a cryptographic hash function to construct an encryption key, the server side can confirm the validity of the encryption key being used (and thereby determine whether the encryption key is forged). When a symmetric encryption function is used as a cryptographic hash function to construct the encryption key, the server side can decrypt the encryption key being used and obtain the data used to construct the encryption key (and thereby exclude any forged encryption key).
The MAC calculation tool 120 is configured to intercept at least two constructed messages 102 and then sequentially calculate a MAC for each intercepted message 102. In an embodiment, the calculation of the MAC (algorithm I) comprises:
for the first intercepted message $m_1$, calculating the MAC based on the encryption key $pk_1$ requested from the encryption key construction tool 110 and the intercepted message $m_1$:
$\mu_1 = f(m_1, pk_1)$,
where:
$f$ is a cryptographic function;
$pk_1$ is a preset encryption key;
$m_1$ is the first message;
$\mu_1$ is the MAC of message $m_1$;
for each subsequent message $m_n$ after the first intercepted message, constructing a data block using the intercepted message $m_n$ and the MAC $\mu_{n-1}$ calculated for the earlier intercepted message:
$b_n = h(\mu_{n-1}, m_n)$,
where:
$h$ is a data block construction function (data block construction rule);
$b_n$ is the nth data block;
$m_n$ is the nth message;
$\mu_{n-1}$ is the MAC of message $m_{n-1}$;
and calculating the MAC using the encryption key $pk_n$ requested from the encryption key construction tool 110 and the constructed data block $b_n$:
$\mu_n = f(b_n, pk_n)$,
where:
$f$ is a cryptographic function;
$pk_n$ is the encryption key of the nth message;
$b_n$ is the nth data block;
$\mu_n$ is the MAC of message $m_n$.
In an embodiment, the MAC calculation tool 120 is further configured for writing a record to the data record 130, the record containing the last calculated MAC and all intercepted messages, and writing data from the data record 130 to the message library 140.
In one embodiment, an initial pre-shared key is requested from encryption key construction tool 110 prior to processing the first intercepted message 102. The pre-shared key is constructed using a different method than the method used to construct the subsequent keys. In processing the first message and subsequently intercepted messages 102, an encryption key may be requested from encryption key construction tool 110, which may be constructed using the same method for all similar types of keys.
In yet another embodiment, upon completion of writing the above-mentioned record to the data record 130, all intermediate results of the processing of the intercepted messages 102 (including the calculated MACs, the constructed data blocks except the last, the requested encryption keys, etc.) are deleted from the system. Thus, the absence of the intermediate data described above does not allow a violator to construct their own record in the data record 130 using substituted messages 102.
In yet another embodiment, if writing to the data record 130 appears to be impossible due to a limited amount of available computing resources (e.g., as a result of or caused by a previous recording to the data record 130), the following operations may be performed: first, the data record 130 is deleted (thereby freeing up computing resources), and a new (blank) data record 130 is created (information from the old data record 130 is lost). Second, a first construction of the MAC is performed after the creation of the new data record 130 using the initial pre-shared key requested from the encryption key construction tool 110.
Thus, the encryption key construction tool 110 provides the key using the following pattern:
$pk_0(param_1) \to g(pk_0) \to g(pk_1) \to \dots \to g(pk_{n-1}) \to \dots$ deletion
creation $\dots \to pk_0(param_2) \to g(pk_0) \to g(pk_1) \to \dots \to g(pk_{n-1})$
For example, after the data record 130 is completely filled (no computing resources are available), the data from the data record 130 is lost, and the data record 130 itself begins to fill from scratch (i.e., the client side again has computing resources available).
In yet another embodiment, the HSM tool provides a time and a key (depending on the time). Thus, during the subsequent checking, it is possible to recover the initial key (knowing the time) and analyze the time and evaluate its validity.
In conventional systems, when a device is compromised, nothing prevents an attacker from deleting an existing record, requesting a new key and creating a new record, purportedly populated with random events from the past. However, when using an HSM with the above features, such an attack is difficult to carry out, since the initial key is tightly bound to the real time. This means that an attacker will not be able to backdate the record (i.e., assign the record a creation time earlier than the real time). This is the essence of the protection described herein. Since the HSM contains or generates the time itself (e.g., the HSM may contain a real-time clock), anti-hacking requirements are also needed to prevent an attacker from manipulating this tool (the clock).
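Algorithm I and the time-bound initial key described above, as an added example that is not code from the patent. It assumes $f$ is HMAC-SHA256, $g$ is SHA-256, $h$ is concatenation, and that $pk_0$ is derived from a secret held by both the key construction tool and the inspection tool plus the record's start time; all function and variable names, the secret, the start time and the second and third sample messages are constructed for illustration.

```python
import hashlib
import hmac
import struct


def initial_key(device_secret: bytes, start_time: int) -> bytes:
    """pk_0(param): assumed to be HMAC(device_secret, start_time), standing in
    for an HSM that derives the initial key from its own clock."""
    return hmac.new(device_secret, struct.pack(">Q", start_time), hashlib.sha256).digest()


def next_key(pk_prev: bytes) -> bytes:
    """g: pk_n = g(pk_{n-1}); a one-way hash (SHA-256 is an assumption)."""
    return hashlib.sha256(b"key-step" + pk_prev).digest()


def data_block(mac_prev: bytes, message: bytes) -> bytes:
    """h: b_n = h(mu_{n-1}, m_n); the fixed-length MAC followed by the message."""
    return mac_prev + message


class DataRecord:
    """Client-side data record: the messages, the current key and the last MAC."""

    def __init__(self, device_secret: bytes, start_time: int):
        self.start_time = start_time
        self.messages = []
        self._pk = initial_key(device_secret, start_time)  # pk_0
        self._mac = None

    def append(self, message: bytes) -> None:
        # Step the key first, so pk_1 = g(pk_0) keys the first message (assumed
        # reading of the pk_0 -> g(pk_0) -> ... pattern). The old key is overwritten.
        self._pk = next_key(self._pk)
        block = message if self._mac is None else data_block(self._mac, message)
        self._mac = hmac.new(self._pk, block, hashlib.sha256).digest()  # mu_n = f(b_n, pk_n)
        self.messages.append(message)

    def export(self) -> dict:
        """Record for the message library: all messages plus only the last MAC."""
        if self._mac is None:
            raise ValueError("empty data record")
        return {"start_time": self.start_time, "messages": list(self.messages), "mac": self._mac}


def check_record(device_secret: bytes, record: dict) -> bool:
    """Server-side inspection: replay Algorithm I and compare with the stored MAC."""
    if not record["messages"]:
        return False
    replay = DataRecord(device_secret, record["start_time"])
    for message in record["messages"]:
        replay.append(message)
    return hmac.compare_digest(replay.export()["mac"], record["mac"])


# Constructed sample data: only the first message is taken from the page.
DEVICE_SECRET = bytes(range(32))
START_TIME = 163625324
SAMPLE_MESSAGES = [
    bytes.fromhex("09C0B96C00010210000100002102"),  # message from the page
    bytes.fromhex("09C0B96D0001021000010000210C"),  # constructed
    bytes.fromhex("09C0B96E00010210000100002116"),  # constructed
]


def tamper_results() -> dict:
    """Check an intact record and several corrupted copies of it."""
    record = DataRecord(DEVICE_SECRET, START_TIME)
    for message in SAMPLE_MESSAGES:
        record.append(message)
    good = record.export()
    m1, m2, m3 = good["messages"]
    variants = {
        "intact": good,
        "modified": dict(good, messages=[m1, m2[:-2] + b"\x10\x00", m3]),
        "deleted": dict(good, messages=[m1, m3]),
        "reordered": dict(good, messages=[m2, m1, m3]),
        "truncated": dict(good, messages=[m1, m2]),
        "backdated": dict(good, start_time=START_TIME - 3600),
    }
    return {name: check_record(DEVICE_SECRET, rec) for name, rec in variants.items()}


if __name__ == "__main__":
    for name, ok in tamper_results().items():
        print(f"{name:10s} -> {'MAC matches' if ok else 'data corrupted'}")
```

Because only the last MAC is stored and every key is derived from the one before it, a single comparison covers modification, deletion, reordering and truncation of messages, and a changed start time yields a different $pk_0$ and therefore a mismatch.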
In yet another embodiment, many accessible resources for the data corruption determination system can be utilized (and used or exhausted accordingly). For example, the space allocated on the information medium for storing thedata records 130 may be limited. In this case, the information medium is part of the client side of the system (if it is built using a client-server architecture). In another example, the processor time allocated to theMAC calculation tool 120 for analyzing the interceptedmessage 102 may run out. In another example, connection parameters between the tools on the client-side and server-side portions of the system may be used to characterize the likelihood of writing and reading data from the available message library 140 (i.e., the speed at which data is written to the message library 140). In another example, the maximum size of themessage 102 that can be written to thedata record 130 or analyzed by theMAC calculation tool 120 can be exhausted.
In one example, to store thedata records 130, 100Mb of free space is allocated on the media on the client-side portion of the system. If a message requires 1Kb of storage anddata records 130 are written by theMAC calculation tool 120 every second (e.g., in a moving car), the data records will be filled in-28 hours (all allocated available space will be exhausted). When designing the system, the developer indicates that a connection must be established between the client-side and server-side portions of the system during the day, and that data from thedata records 130 will be written to themessage library 140 after being analyzed by theMAC computation tool 120. If only 1Mb of free space is allocated for data record 130 (such storage space, or even less, exists in many built-in systems),data record 130 will fill in 17 minutes, and it may happen that data is not sent to the server side portion and will be lost (or overwritten).
In yet another embodiment, the constructed data block contains the selected message and the MAC calculated for the previously selected message.
In yet another embodiment, the writing of data from the data record 130 to the message repository 140 is performed at least: whenever there is a connection between the client-side portion and the server-side portion of the data corruption determination system; when a preset time has elapsed since the previous successful writing of data from the data record 130 to the message repository 140; when the number of processed messages 102 exceeds a preset number; or when a predetermined amount of the resources available to the data corruption determination system has been used up.
In an embodiment, once all data from the data record 130 is written to the message library 140, the data record is cleared and the next message 102 written to the data record 130 is considered the first message. In other words, the data record 130 is deleted (thereby freeing up computing resources) and a new (blank) data record 130 is created. The first construction of the MAC after creation of the new data record 130 is performed using the initial pre-shared key requested from the cryptographic key construction tool 110.
The data record 130 is a database containing messages 102 processed by the MAC calculation tool 120.
In one embodiment, the characteristics of the data records 130 are defined by the resources available in the system. In another embodiment, at least the following is used as a feature of the data record 130: a maximum number of messages (records) 102 that can be written to a data record 130; or the maximum amount of data (the total size of the written messages 102) that can be written to the data record 130. In yet another embodiment, the data record 130 is configured to additionally store the order of the messages 102 written therein.
The message library 140 is a database containing data sent by the MAC calculation tool 120 that contains in each record at least the combination of the message 102 and the last calculated MAC.
The inspection determination tool 150 is configured to intercept the event 101 that complies with the preset rules 151. For example, if a message 102 is written to the data record 130, an event 101 occurs. The inspection determination tool 150 is further configured to determine whether to perform a data corruption inspection using the intercepted event 101 and to transmit the selected record from the message repository 140 to the inspection tool 160.
In one embodiment, the decision to perform a data corruption check is made at least if: an event of writing data to the data record 130 is intercepted, or there is a stable connection between the client-side and server-side portions of the data corruption determination system.
The inspection tool 160 is configured to analyze each record received from the determination tool 150 according to the request. In an embodiment, such analysis includes sequentially calculating a MAC for each message contained in the received record using algorithm I, comparing the calculated MAC to the MAC contained in the selected record, and determining that the data record 130 has been compromised if the calculated MAC does not match the MAC contained in the selected record.
In one embodiment, the messages 102 from a record are selected in the order in which they are located in the record.
In another embodiment, the pre-set encryption key used in the MAC calculation tool 120 and the pre-set encryption key used in the inspection tool 160 are the same and are set when the data corruption determination system is built.
In yet another embodiment, the pre-set encryption key used in the inspection tool 160 is constructed using a timestamp contained in a record selected from the message library 140.
In another embodiment, a cryptographic hash function is used to construct the encryption key.
In yet another embodiment, a public key asymmetric encryption function may be used as a cryptographic hash function for constructing the encryption key. For example, a public encryption key is contained in the encryption key construction tool 110 and is set in advance before the start of system operation, and a private encryption key is contained in the inspection tool 160. In another example, an encryption key symmetric encryption function may be used as a cryptographic hash function to construct the encryption key. For example, the encryption key may be included in the encryption key construction tool 110 and in the inspection tool 160, and preset before system operation begins.
In yet another embodiment, the constructed data block contains the selected message and the MAC calculated for the previously selected message.
In yet another embodiment, the comparison of the MACs is performed bit by bit.
In yet another embodiment, if the compared MACs do not match, the data record 130 is considered corrupt. For example, one MAC calculated by the MAC calculation tool 120 may be compared to another MAC calculated by the inspection tool 160.
In another embodiment, to determine whether the data record 130 is compromised, at least the following is additionally analyzed: an encryption key constructed by the inspection tool 160 using data selected from the record; and/or the temporal characteristics of the establishment of the message 102 contained in the selected record.
The following discussion regarding the operation of the system 100 describes vehicle operating characteristics. In order to make decisions about insurance payments in the event of an accident, insurance companies install a system in their customers' cars that collects data from car sensors. From an analysis of the collected data, the operating characteristics of the vehicle are determined: whether or not the vehicle was speeding at the time of the accident, the location where the vehicle was travelling, the actions taken by the driver while driving the vehicle, etc. The determined operating characteristics are used to determine insurance payments and the cost of vehicle insurance (insurance costs increase if the person drives well over speed limits, etc.). Corruption of the collected data can lead to erroneous analysis and financial loss by the insurance company (e.g., the speed of the vehicle is artificially underestimated when an accident occurs, leading to erroneous insurance claim determinations and additional compensation).
When the vehicle speedometer sensor is activated, a "speed change" event #1 101 occurs, which is characterized by the current speed of the vehicle and a timestamp of when the speed was registered (when event #1 101 occurred). For example, v = 85,75 km/h, t = 1067256253,232 (conventional time units, e.g. Unix time format).
Event #1 101 above initiates the creation of a message m₁ 102 containing the data listed above:
v=85,75km/h,t=1067256253,232.
The message is then written to the data record 130. Thereafter, the MAC calculation tool 120, which is a component of the client-side portion of the data corruption determination system, uses the encryption key K₁ and the message m₁ 102 to calculate the MAC μ₁ and writes the MAC to the message library 140.
Event #1 101 is also sent to the inspection determination tool 150, which is a component of the server-side portion of the data corruption determination system. Based on the inspection rule 151 and the received data (in this case, event #1 101), it is determined whether it is necessary to perform a data corruption check based on the intercepted event #1 101. For example, one of the rules may be an abrupt change in the vehicle speed or an acceleration exceeding a preset value (e.g., 2 g). This data may come from another speedometer sensor. In an embodiment, no data corruption check is performed as long as no such event is registered.
Until the relevant determination is made by the inspection determination tool 150, the data is saved to the data record 130 and the message repository 140.
When another vehicle speedometer sensor is activated, a "speed change" event #N 101 occurs, which is characterized by the current speed of the vehicle and a timestamp of when the speed was registered (when event #1 101 occurs), e.g., v = 15,21 km/h, t = 1067279253,008.
The above event #N 101 initiates the creation of a message mₙ 102 containing the above listed data:
v=15,21km/h,t=1067279253,008.
The message is then written to the data record 130. Thereafter, the MAC calculation tool 120, which is a component of the client-side portion of the data corruption determination system, uses the encryption key Kₙ and the message mₙ 102 to calculate the MAC μₙ and writes the MAC to the message library 140.
Event #N 101 is also sent to the inspection determination tool 150. Based on the inspection rule 151 and the received data (in this case, event #N 101), it is determined whether it is necessary to perform a data corruption check based on the intercepted event #N 101. It is determined that the speed change exceeds a preset threshold (e.g., Δv = 50 km/h) and the acceleration also exceeds a preset threshold (e.g., g = 5.6). As a result, the inspection determination tool 150 sends a request to the inspection tool 160 indicating that a check needs to be performed on the data written in the message library 140.
The inspection tool 160 sequentially selects all records from the message library 140 and recalculates the MAC for all messages contained in the selected records (using the same method as the MAC calculation tool 120). The resulting final MAC is then compared by the inspection tool 160 with the MAC contained in the last selected record. If the MAC values are different, it is determined that the data record 130 is corrupt. In embodiments where the data contains information collected from vehicle sensors, it may be concluded that a user of the system (the vehicle owner) attempted to forge the data from the sensors to hide information about the vehicle condition. Thus, the insurance company has a reason to refuse to pay the insurance money or to modify the insurance terms for the user.
Referring to FIG. 2, a flow diagram of a method 200 for detecting compromised data is depicted, in accordance with an embodiment. The method 200 generally includes calculating a MAC at 210, saving a record at 220, performing an analysis at 230, and determining compromised data at 240.
More specifically, at 210, a MAC is sequentially computed for each selected message from the data record 130 containing at least two messages 102. For the first selected message, the MAC is calculated using the preset encryption key and the selected message. For each subsequent message following the first selected message, an encryption key is constructed based on the encryption key constructed for the previously selected message, a data block is constructed using the intercepted message and the MAC calculated for the previously selected message, and the MAC is calculated using the constructed encryption key and the data block.
At 220, a record containing the last MAC computed at 210 and all messages selected at 210 is saved to the message store 140.
At 230, an analysis of each selected record from the message library 140 is performed. For example, by performing the processing described above at 210 for the first selected message and each subsequent selected message, the MAC is sequentially calculated for each message contained in the selected record. The final calculated MAC is compared to the MAC contained in the selected record.
At 240, based on the results of the comparison made at 230, it is determined whether the data record 130 is corrupt.
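The chained MAC of method 200 (steps 210 to 240) together with the time-bound initial key of the HSM embodiment, as an added example that is not code from the patent. HMAC-SHA256 as the MAC, SHA-256 for key evolution, the HMAC-based derivation of K₁ from the timestamp, the length-prefixed data block, the validity window and all names are assumptions; the intermediate message is constructed.

```python
import hashlib
import hmac
import struct

# Constructed demo values; in the HSM embodiment the secret never leaves the HSM.
MASTER_SECRET = b"constructed-demo-master-secret"
T0 = 1067256253  # record creation time, taken from the first sample message
SAMPLE_MESSAGES = [
    b"v=85,75km/h,t=1067256253,232",   # message m1 from the page
    b"v=61,40km/h,t=1067267000,114",   # constructed intermediate message
    b"v=15,21km/h,t=1067279253,008",   # message mn from the page
]


def initial_key(master, timestamp):
    """Pre-set key K1 bound to the HSM time (assumed: HMAC of the timestamp)."""
    return hmac.new(master, b"K1" + struct.pack(">Q", timestamp), hashlib.sha256).digest()


def next_key(prev_key):
    """K_i derived one-way from K_(i-1) (assumed: SHA-256)."""
    return hashlib.sha256(b"evolve" + prev_key).digest()


def chain_mac(k1, messages):
    """Step 210: sequential MAC over all messages; returns the last MAC."""
    if not messages:
        raise ValueError("a record needs at least one message")
    key = k1
    mac = hmac.new(key, messages[0], hashlib.sha256).digest()
    for message in messages[1:]:
        key = next_key(key)
        # Data block = message + MAC of the previous message; the length
        # prefix (an assumption) keeps the boundary unambiguous.
        block = struct.pack(">I", len(message)) + message + mac
        mac = hmac.new(key, block, hashlib.sha256).digest()
    return mac


def build_record(master, timestamp, messages):
    """Step 220: record = timestamp, all messages, and only the last MAC."""
    return {"t": timestamp, "messages": list(messages),
            "mac": chain_mac(initial_key(master, timestamp), messages)}


def verify_record(master, record, now, max_age):
    """Steps 230-240: rebuild K1 from the record's timestamp, recompute, compare."""
    t = record["t"]
    if t > now or now - t > max_age:
        return "bad-time"            # timestamp outside the plausible window
    expected = chain_mac(initial_key(master, t), record["messages"])
    # Constant-time comparison of the full MAC values.
    return "ok" if hmac.compare_digest(expected, record["mac"]) else "corrupted"


def demo():
    """Verify an intact record and three altered copies of it."""
    now, week = T0 + 3600, 7 * 24 * 3600
    good = build_record(MASTER_SECRET, T0, SAMPLE_MESSAGES)
    edited = dict(good, messages=[b"v=45,00km/h,t=1067256253,232"] + good["messages"][1:])
    dropped = dict(good, messages=[good["messages"][0], good["messages"][2]])
    backdated = dict(good, t=T0 - 86400)   # same MAC, earlier claimed creation time
    return {name: verify_record(MASTER_SECRET, rec, now, week)
            for name, rec in [("good", good), ("edited", edited),
                              ("dropped", dropped), ("backdated", backdated)]}


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10s} {verdict}")
```

Because only the last MAC is stored and every key is derived from its predecessor, changing, removing or reordering any message, or claiming a different creation time, changes the value the verifier recomputes.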
Referring to FIG. 3, a block diagram of a system 300 for detecting damaged vehicle data is depicted, according to an embodiment. In an embodiment, the system 300 may implement the method 200 for vehicle data as described above.
In an embodiment, the system 300 generally includes a vehicle client device 302 and a server 304. In an embodiment, client device 302 and server 304 may be operatively coupled by a network such that they communicate, either constantly or intermittently.
Client device 302 generally includes a processor 306 and an operably coupled memory 308. Processor 306 may be any programmable device that accepts digital data as input, is configured to process the input according to instructions or algorithms, and provides results as output. In an embodiment, the processor 306 may be a Central Processing Unit (CPU) configured to execute instructions of a computer program. The processor 306 is thus configured to perform at least basic arithmetic operations, logical operations, and input/output operations.
The memory 308 operatively coupled to the processor 306 may include volatile or non-volatile memory as required by the coupled processor 306 to provide not only space to execute instructions or algorithms, but also to store the instructions themselves. In embodiments, for example, volatile memory may include Random Access Memory (RAM), Dynamic Random Access Memory (DRAM), or Static Random Access Memory (SRAM). In embodiments, for example, the non-volatile memory may include read-only memory, flash memory, ferroelectric RAM, hard disk, floppy disk, magnetic tape, or optical disk memory. The foregoing list in no way limits the types of memory that may be used, as these embodiments are given by way of example only and are not intended to limit the scope of the invention.
Processor 306 and/or memory 308 may include instructions that when executed implement encryption key construction tool 310, MAC calculation tool 312, and data record 314. In an embodiment, encryption key construction tool 310, MAC calculation tool 312, and data record 314 may be substantially similar to those discussed above (encryption key construction tool 110, MAC calculation tool 120, and data record 130, respectively).
The processor 306 may further include instructions for implementing a vehicle sensor engine 316, the vehicle sensor engine 316 including a vehicle sensor configured to detect a characteristic or measurement of a vehicle. The vehicle sensor engine 316 is also configured to write the vehicle's characteristics and a timestamp of the occurrence of the characteristics or measurements to the vehicle data record 314.
The server 304 generally includes a processor 318 and an operably coupled memory 320. Processor 318 and/or memory 320 may include instructions that, when executed, implement a message library, a set of inspection rules 324, an inspection determination tool 326, and an inspection tool 328. In an embodiment, the message library, set of inspection rules 324, inspection determination tool 326, and inspection tool 328 may be substantially similar to those discussed above (message library 140, inspection rules 151, inspection determination tool 150, and inspection tool 160, respectively).
Referring to FIG. 4, a diagram of a computer system 400 on which aspects of the invention described herein may be implemented is shown in greater detail, according to various embodiments depicted.
The computer system 400 may include a computing device, such as a personal computer 420, including one or more processing units 421, a system memory 422, and a system bus 423 that includes various system components, including memory connected to the one or more processing units 421. In various embodiments, processing unit 421 may include multiple logic cores capable of processing information stored on a computer-readable medium. The system bus 423 is implemented as any bus structure known in the relevant art, including a bus memory or bus memory controller, a peripheral bus, and a local bus, which can interact with any other bus architecture. The system memory may include non-volatile memory, such as Read Only Memory (ROM) 424, or volatile memory, such as Random Access Memory (RAM) 425. A basic input/output system (BIOS) 426 contains the basic procedures that ensure that information is transferred between elements within the personal computer 420, such as during start-up of the operating system using ROM 424.
The personal computer 420 in turn has a hard disk drive 427 for reading and writing data, a magnetic disk drive 428 for reading from and writing to a removable magnetic disk 429, and an optical disk drive 430 for reading from or writing to a removable optical disk 431 such as a CD-ROM, DVD-ROM, and other optical media. The hard disk drive 427, magnetic disk drive 428, and optical disk drive 430 are connected to the system bus 423 by a hard disk drive interface 432, a magnetic drive interface 433, and an optical drive interface 434, respectively. The drives and their corresponding computer information media represent non-volatile means for storing computer instructions, data structures, program modules and other data on the personal computer 420.
The depicted system includes a hard disk drive 427, a removable magnetic disk 429, and a removable optical disk 431, but it should be appreciated that other types of computer media which can store data in a form readable by a computer (solid state drives, flash memory cards, digital disks, Random Access Memories (RAMs), and the like) can be used and connected to the system bus 423 by the controller 455.
The computer 420 includes a file system 436 that stores a recorded operating system 435, as well as additional program applications 437, other program engines 438, and program data 439. A user may enter commands and information into the personal computer 420 through input devices (keyboard 440, mouse 442). Other input devices (not shown) may also be used, such as: a microphone, joystick, game console, scanner, or the like. These input devices are often connected to computer system 400 through a serial port 446, which is, in turn, connected to the system bus, but may be connected in a different manner, such as by using a parallel port, game port or a Universal Serial Bus (USB). A monitor 447 or another type of display device is also connected to system bus 423 via an interface, such as video adapter 448. In addition to the monitor 447, the personal computer 420 may be equipped with other peripheral output devices (not shown), such as speakers, printers, etc.
The personal computer 420 is capable of operating in a networked environment; in which case it employs a network connection to one or several other remote computers 449. The one or more remote computers 449 are similar to a personal computer or server, having many or all of the elements described previously above with respect to describing the contents of the personal computer 420 illustrated in FIG. 4. The computing network may also have other devices, such as routers, network stations, peer devices, or other network nodes.
The network connections may form a Local Area Network (LAN) 450 and a Wide Area Network (WAN). These networks are used in enterprise computer networks or intranets and typically have access to the internet. In a LAN or WAN network, the personal computer 420 is connected to the local network 450 through a network adapter or network interface 451. When a network is used, the personal computer 420 may be connected to a wide area network, such as the Internet, using the modem 454 or other means. The modem 454, which can be an internal or external device, is connected to the system bus 423 via the serial port 446. It should be clear that these network connections are only examples and do not necessarily reflect the exact network configuration, i.e. there are in fact other means of establishing connections using communication technology means between computers.
Various embodiments of systems, devices, and methods have been described herein. These examples are given by way of example only and are not intended to limit the scope of the claimed invention. Furthermore, it should be appreciated that various features of the embodiments that have been described may be combined in various ways to produce numerous additional embodiments. In addition, while various materials, dimensions, shapes, configurations, and locations, etc., have been described for use with the disclosed embodiments, others than those disclosed may be used without exceeding the scope of the claimed invention.
One of ordinary skill in the relevant art will recognize that the subject matter herein may include fewer features than illustrated in any individual embodiment described above. The embodiments described herein are not meant to be an exhaustive presentation of the ways in which the various features of their subject matter may be combined. Thus, the embodiments are not mutually exclusive combinations of features; rather, as one of ordinary skill in the art would appreciate, various embodiments may include combinations of different individual features selected from different individual embodiments. Furthermore, elements described with respect to one embodiment may be implemented in other embodiments even when not described in such embodiments, unless otherwise specified.
Although a dependent claim may refer in the claims to a particular combination with one or more other claims, other embodiments may also include combinations of a dependent claim with the subject matter of each other dependent claim or with one or more features of other dependent or independent claims. Such combinations are proposed herein unless it is stated that a particular combination is not intended.
Any incorporation by reference of documents above is limited such that no subject matter is incorporated that is contrary to the explicit disclosure herein. Any incorporation by reference of documents above is also limited such that claims included in the documents are not incorporated by reference herein. Any incorporation by reference of documents above is also limited such that any definitions provided in the documents are not incorporated by reference herein unless expressly included herein.
For the purpose of interpreting the claims, it is expressly intended that the terms of 35 U.S.C. § 112(f) shall not be referred to unless the claims recite a specific term "means for" or "step for".

Claims (15)

CN201810840630.8A | 2018-02-06 | 2018-07-27 | System and method for detecting corrupted data | Active | CN109245895B (en)

Applications Claiming Priority (4)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| RU2018104435 | 2018-02-06 | | |
| RU2018104435A, RU2697953C2 (en) | 2018-02-06 | 2018-02-06 | System and method of deciding on data compromising |
| US16/005,158, US10778695B2 (en) | 2018-02-06 | 2018-06-11 | System and method for detecting compromised data |
| US16/005,158 | 2018-06-11 | | |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN109245895A (en) | 2019-01-18 |
| CN109245895B (en) | 2021-06-11 |

Family

ID=65073132

Family Applications (1)

| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810840630.8A (Active, CN109245895B (en)) | System and method for detecting corrupted data | 2018-02-06 | 2018-07-27 |

Country Status (1)

| Country | Link |
|---|---|
| CN (1) | CN109245895B (en) |


Legal Events

| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
