Abstract: The present invention relates to system and method for user-controllable sharing of authorization for private data, wherein the system at least comprises: a blockchain node, for recording and verifying transaction information and/or completing payment, a client, for encrypting a symmetric key into a re-encryption key to be sent to an IPFS node, so that after a re-encryption request it sends to the IPFS node is verified as valid, the client sends the symmetric key to a server; the IPFS node, for calling a zero-knowledge proof verification contract from the blockchain node in response to the re-encryption request from the client, and performing authorization and verification; a server, for sending first encrypted data involving user authorization to the IPFS node, and/or acquiring the symmetric key sent by the client and capable of decrypting authorization data.

Abstract: The present invention provides a system for privacy protection during IoT secure data sharing and a method thereof. The present invention relates to IoT data sharing, wherein it allows users to securely share data encrypted through decentralized attribute-based encryption on a blockchain-based platform without disclosing their attribute permission, so that individual users will not be identified according to their attributes, thereby protecting user privacy. The present invention also enables users sharing encrypted data and achieving traceability and accountability in the event of privacy breach. The present invention further provides an approach to verifying user permission using an attribute-based zero-knowledge proof, so as to securely and reliably verify whether permission of a data user is real.

Abstract: The present invention provides a system for privacy protection during IoT secure data sharing and a method thereof. The present invention relates to IoT data sharing, wherein it allows users to securely share data encrypted through decentralized attribute-based encryption on a blockchain-based platform without disclosing their attribute permission, so that individual users will not be identified according to their attributes, thereby protecting user privacy. The present invention also enables users sharing encrypted data and achieving traceability and accountability in the event of privacy breach. The present invention further provides an approach to verifying user permission using an attribute-based zero-knowledge proof, so as to securely and reliably verify whether permission of a data user is real.

Abstract: The present invention provides an anti-trapdoor-leakage on-chain data restoration system, at least comprising: a blockchain node, for broadcasting transaction data of a request-initiating person to blockchain nodes and proposer nodes in other groups, respectively; and a proposer node, for performing computation of a Chameleon-Hash function using a key set that is generated by a key-generating module provided in the proposer node, packaging the transaction data to generate a new block, and distributing the new block to all the blockchain nodes so that the blockchain nodes update their respective underlying ledgers according to the new blocks broadcasted by the proposer. The system of the present invention not only realizes such functions as restoration and editing of the transaction data, but also protects operational security and reliability of blockchains.

Abstract: The present disclosure involves a sidechain testing system and method for improving security and stability of a smart contract.

Abstract: The present disclosure involves a sidechain testing system and method for improving security and stability of a smart contract.

Abstract: The present invention provides a TrustZone-based security isolation system for shared library, the system at least comprising: a sandbox creator, a library controller, and an interceptor, the sandbox creator, in a normal world, dynamically creating a sandbox isolated from a Rich OS, the interceptor, intercepting corresponding system-calling information and/or Android framework APIs by means of inter-process stack inspection, the library controller, performing analysis based on the intercepted system-calling information and/or Android framework APIs, redirecting a library function to the sandbox, and switching calling states of the library function in the sandbox as well as setting up a library authority. The present invention has good versatility, low cost and high security. It realizes isolation of the library without increasing the trusted bases in the Secure World of the TrustZone, effectively reducing the risk of being attacked.

Abstract: The present invention involves with a cloud tenant oriented method and system for protecting privacy data. The method comprises at least the following steps: analyzing event handler information and/or behavioral signature information of request information and determining an execution mode, selecting at least one node without a behavioral signature plot to execute the tenant request and recording an execution result, generating a behavioral signature plot based on the execution result, and dynamically detecting security-sensitive behavior based on the behavioral signature plot. The present invention ensures data security during processing of security-sensitive data for cloud services by adopting a technology based on behavioral signatures, and prevents attackers from exploiting vulnerabilities and bypassing security control to conduct malicious operations.

Abstract: The present invention provides a TrustZone-based security isolation system for shared library, the system at least comprising: a sandbox creator, a library controller, and an interceptor, the sandbox creator, in a normal world, dynamically creating a sandbox isolated from a Rich OS, the interceptor, intercepting corresponding system-calling information and/or Android framework APIs by means of inter-process stack inspection, the library controller, performing analysis based on the intercepted system-calling information and/or Android framework APIs, redirecting a library function to the sandbox, and switching calling states of the library function in the sandbox as well as setting up a library authority. The present invention has good versatility, low cost and high security. It realizes isolation of the library without increasing the trusted bases in the Secure World of the TrustZone, effectively reducing the risk of being attacked.

Abstract: The present invention involves with a cloud tenant oriented method and system for protecting privacy data. The method comprises at least the following steps: analyzing event handler information and/or behavioral signature information of request information and determining an execution mode, selecting at least one node without a behavioral signature plot to execute the tenant request and recording an execution result, generating a behavioral signature plot based on the execution result, and dynamically detecting security-sensitive behavior based on the behavioral signature plot. The present invention ensures data security during processing of security-sensitive data for cloud services by adopting a technology based on behavioral signatures, and prevents attackers from exploiting vulnerabilities and bypassing security control to conduct malicious operations.

Abstract: In at least one embodiment, a method for secured rollback of a virtual Trusted Platform Module (vTPM) that renders available functionalities offered by Trusted Platform Module (TPM) on a computer to a virtual machine (VM) is provided. The method includes taking and saving a snapshot of current state of a virtual machine as well as a snapshot of the corresponding vTPM, upon receiving a request for taking a snapshot of the virtual machine. The method further includes converting the snapshots into the current state of the virtual machine and the current state of the vTPM, respectively, upon receiving a request to roll back the virtual machine.

Abstract: In a computing environment that includes multiple virtual machines performing computing tasks for a same entity, the integrity of each of the virtual machines may be synchronized between different virtual machines to create a trusted logic virtual domain for a user.

Abstract: In at least one embodiment, a method for secured rollback of a virtual Trusted Platform Module (vTPM) that renders available functionalities offered by Trusted Platform Module (TPM) on a computer to a virtual machine (VM) is provided. The method includes taking and saving a snapshot of current state of a virtual machine as well as a snapshot of the corresponding vTPM, upon receiving a request for taking a snapshot of the virtual machine. The method further includes converting the snapshots into the current state of the virtual machine and the current state of the vTPM, respectively, upon receiving a request to roll back the virtual machine.