Disclosed is an electronic device for performing code-based encryption supporting integrity verification of a message and an operating method thereof. When a data transmission side encrypts a message through code-based encryption and transmits the encrypted message to a data reception apparatus, the data transmission side is allowed to use a hash value generated based on a part of the message as an error in code-based encryption to support the data reception apparatus to verify an integrity of a received message by using the hash value.

A set of servers can support secure and efficient Machine to Machine communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Systems, apparatus, methods, and techniques for functional safe execution of encryption operations are provided. A fault tolerant counter and a complementary pair of encryption flows are provided. The fault tolerant counter may be based on a gray code counter and a hamming distance checker. The complementary pair of encryption flows have different implementations. The output from the complementary pair of encryption flows can be compared, and where different, errors generated.

Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.

A method of biometric authentication includes receiving a biometric input from a user for authentication of the user to access a system. The method includes receiving a set of elements of a field and a random number from an authentication server via a network. The method further includes decoding the biometric input based on the set of elements to generate a polynomial. The method also includes generating a signature key based on the polynomial. The method includes signing the random number with the signature key. The method includes sending the signed random number to the authentication server. The method further includes restricting access to the system until the user is authenticated by the authentication server. The method also includes permitting access to the system in response to receiving an authentication message from the authentication server.

The present disclosure relates to the field of terminal technologies, and discloses a service processing method and an electronic device. In the present disclosure, a plaintext message used for performing a service operation is provided in a second electronic device. In this case, when needing to perform service processing, a first electronic device may obtain, by means of encryption transmission between the first electronic device and the second electronic device, the plaintext message provided by the first electronic device, so as to perform service processing based on the plaintext message. No key exchange is involved in the interaction, and a private key of an electronic device is not exported from the device. Therefore, in this process, a device application scenario is significantly extended while information security is ensured.

A method of performing user authentication includes by a service electronic device associated with a service, receiving, from a public electronic device, a request for a user to initiate a session of the service, generating a first security token, a first write token, a first read token, and/or a first delete token, sending the first security token, the first write token, the first read token, and/or the first delete token to a server electronic device, receiving, from the server electronic device, a key location identifier that uniquely identifies a memory location of a data store associated with the server electronic device where the first security token, the first write token, the first read token, and/or the first delete token are stored, saving the key location identifier in a data store associated with the service electronic device, generating a signed key location identifier, generating a machine-readable image that includes the key location identifier, the signed key location identifier and the first write token in an encoded format, and sending the machine-readable image to the public electronic device.

A method of sharing of encrypted data includes, by an electronic device, receiving a password from a user in order to perform an action, receiving a salt value, generating a user key using the password and the salt value, receiving an encrypted key location identifier, decrypting the encrypted key location value to obtain a key location identifier, receiving an encrypted read token value, decrypting the encrypted read token value using the user key to obtain a read token value, and transmitting the read token value and the key location identifier to a server electronic device. The method includes, by the sever electronic device, receiving the read token value and the key location identifier from the electronic device, verifying that the read token corresponds to information stored in a memory location associated with the key location identifier, and in response to verifying that the read token corresponds to information stored in the memory location associated with the key location identifier, transmitting an encrypted encryption key to the electronic device.

A method of performing out-of-band user authentication includes, by a service electronic device associated with a service a request to initiate a session of the service, generating an authentication token, encrypting the authentication token to generate an encrypted authentication token, and transmitting the encrypted authentication token to the electronic device.

Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.