Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to detokenize encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

The present disclosure discloses a mask S-box, a block ciphers algorithm unit, a device and a corresponding construction method. The mask S-box includes an input module, an address mapping processing module, and an output module. The input module receives a random number and an input data which is masked by the random number and uses the random number and the input data as two inputs of the mask S-box. The address mapping processing module performs one-to-one mapping on the two inputs and the corresponding memory address of the mask S-box. The output module linearly processes the random number by using a linear function to obtain the linearly converted random number, which is used as one output of the mask S-box. The memory address obtained by using the linearly converted random number to mask the output of the original S-box is used as the other output of the mask S-box.

An attack on an RSA encryption algorithm based on simple power analysis (SPA) is thwarted by scrambling the sliding window sequence that results from performing sliding window processing on a power exponent. The sliding window sequence is scrambled with a random code that is utilized to determine an adjustment tendency and an adjustment length.

This invention discloses a method and system for generating a private key and a corresponding public key. These keys can be used for encrypting a message into a cipher-text for transmission through an insecure communication channel, and for decrypting said ciphertext into a clear plaintext. The goal of the present invention is to provide encryption and decryption methods of the McEliece type which are capable of improving the security level of a post-quantum cryptosystem. In one embodiment, this object is achieved by three methods: a method for creating a public key from a private linear code generator matrix, a method for encrypting a message into a ciphertext and a method for decrypting the cipher-text into a plaintext. The key generation and encryption methods of the present invention comprises the following steps: selecting an [n, k] linear code generator matrix G.sub.s=[g.sub.0 , . . . , g.sub.n] over GF(q) as the private key, where k, w, n and q are positive integers and where g.sub.0 , . . . , g.sub.n1 are length k column vectors; selecting k1 random matrices C.sub.0 , . . . , C .sub.w1; selecting a kk non-singular matrix S; selecting an (n+w)(n+w) matrix A; selecting an (n+w)(n+w) permutation matrix P; and setting the public key as G=S[g.sub.0 , . . . , g.sub.nw, C.sub.0 , . . . , g.sub.n1, C.sub.n1]AP. receiving the public key G, which is a k(n+w) matrix over a finite field GF(q); generating an error vector e having elements in GF(q) and having a predetermined weight t; and encrypting a message vector m, to a ciphertext vector y=mG+e.

The main difference between the proposed cryptosystem and known variants of the McEliece cryptosystem consists in the way the private generator matrix is disguised into the public one by inserting and mixing random columns within the private generator matrix.

A mask is selected amongst a plurality of masks. A first masked random number is generated by converting a first random number using the selected mask, and a first key is generated from the first masked random number and a first biometric code generated from biometric information. In addition, mask information indicating the selected mask is stored. A second masked random number is generated by converting a second random number using the selected mask or a different mask having a predetermined relationship with the selected mask, and a second key is generated from the second masked random number and a second biometric code. A ciphertext is generated using one of the first key and the second key and an error-correction encoding method.

Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

An integrated circuit includes functional circuitry such as a processing core, memory interfaces, cryptographic circuitry, etc. The integrated circuit also includes protection circuitry to protect the functional circuitry of the integrated circuit against attacks by hidden channels. The protection circuitry, for each of a series of successive periods of time, selects a configuration of the functional circuitry from a set of configurations of the functional circuitry, sets a duration of the period of time, and applies the selected configuration of the functional circuitry for the set duration of the period of time.

An application processor includes a security processor. An operating method of the security processor includes generating a recoder input including a digit-unit multiplier and a reference bit. At least one random bits having a random value are generated. When the recoder input has a predetermined pattern, the recoder input is converted into a first recoding value or a second recoding value according to a random bit corresponding to the recoder input to generate a recoding result.

The invention provides an authentication method and system. It is particularly suited for verifying the identity of an individual prior to permitting access to a controlled resource. This may or may not be a financial resource. The invention uses biometric data relating to a user to encode and decode an identifier associated with a user. Thus the user's biometric data becomes the key for encoding and subsequently decoding the identifier. In one embodiment, the biometric data is used to generate a keypad configuration. The keypad configuration specifies the order and/or position of a plurality of keypad keys. An operable keypad and/or image of a keypad is then generated using the configuration. Thus, the individual's biometric data can be used to generate a customised keypad and/or image which can then be used to encode or decode the identifier associated with the user. A keypad or image generated from the biometric data can be used to generate a mapping between different keypad configurations. The biometric data may be captured at or on a device associated with the individual, such as a computer, mobile phone, tablet computer etc.

The invention provides a solution for secure authentication of an individual. The invention comprises methods and apparatus for secure input of a user's identifier e.g. PIN. An image of a keypad is superimposed over an operable keypad within a display zone of a screen associated with an electronic device. The keypad image and/or the operable keypad are generated by the device using a scrambled or randomised keypad configuration generated on or at the electronic device. The configuration or order of keys depicted in the image may or may not be scrambled or randomised. Thus, the order of keys depicted in the image do not correspond to the order of the keys in the operable keypad, so that when the user selects a key depicted in the image on the screen, the underlying operable keypad is caused to operate and an encoded version of the user's input is received into memory on the device. The encoded input can be sent for decoding on a remote computer. The keypad configurations used for generation of the operable keypad(s) and/or keypad image(s) are generated using an input. The input could be a true or pseudo random number or biometric data relating to a user of the device. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen.