Patent classifications
H04L2209/72
Signcrypted envelope message
Various embodiments relate to a method performed by a processor of a computing system. An example method includes generating a symmetric content encryption key. Content is encrypted using the content encryption key to generate cipher text. A hash of the cipher text is generated. Each of the hash and the content encryption key is signcrypted using each of a signcrypting party public key, a signcrypting party private key and a recipient public key to generate a signcrypted envelope message. The cipher text is embedded in a component of the signcrypted envelope message. The signcrypted envelope message is transmitted to a recipient. The recipient can designcrypt the signcrypted envelope message using each of the recipient public key, a recipient private key, and the signcrypting party public key to retrieve the content encryption key and hash of the cipher text. The recipient can decrypt the cipher text using the content encryption key.
Key derivation for a module using an embedded universal integrated circuit card
A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.
Systems and Methods for "Machine-to-Machine" (M2M) Communications Between Modules, Servers, and an Application using Public Key Infrastructure (PKI)
Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
AUTHENTICATION METHOD AND SYSTEM
A method for authenticating an object, comprising determining a physical dispersion pattern of a set of elements, determining a physical characteristic of the set of elements which is distinct from a physical characteristic producible by a transfer printing technology, determining a digital code associated with the object defining the physical dispersion pattern, and authenticating the object by verifying a correspondence of the digital code with the physical dispersion pattern, and verifying the physical characteristic.
Systems and methods for maintaining confidentiality, integrity, and authenticity of the last secret
Systems and methods for securely sharing and authenticating a last secret. A system includes a dealer computing system and a combining computing system. The dealer computing system includes a public/private key pair, an encryption key established with the combining computing system, and a circuit structured to generate a last secret and a first key controlling access to a secure computing system. The last secret is the last cryptographic element controlling access to the first key. The circuit is structured to split the last secret into first and second splits. The circuit is structured to generate first and second SigncryptedData messages by signcrypting each of the first split and the second split with the public/private key pair and the encryption key established with the combining computing system. The circuit is structured to transmit the first SigncryptedData message to a first share-holder and the second SigncryptedData message to a second share-holder.
Systems and methods for single-step out-of-band authentication
A method of performing out-of-band user authentication includes, by a service electronic device associated with a service, receiving a request to initiate a session of the service, generating an authentication token, encrypting the authentication token to generate an encrypted authentication token, and transmitting the encrypted authentication token to the electronic device.
Electronic device for performing code-based encryption supporting integrity verification of a message and operating method thereof
Disclosed is an electronic device for performing code-based encryption supporting integrity verification of a message, and an operating method thereof. When a data transmission side encrypts a message through code-based encryption and transmits the encrypted message to a data reception apparatus, the data transmission side is allowed to use a hash value generated from a part of the message as the error in the code-based encryption, so that the data reception apparatus can verify the integrity of the received message by using the hash value.
SYSTEM AND METHOD FOR ENERGY EFFICIENT SENSORS WITH COMPRESSION, ARTIFICIAL INTELLIGENCE, AND SECURITY
In a system and method for processing detected signals at a detector using a processor, a set of data is converted into a compressed set of data using a compressive sensing component controlled via a processor, the compressed set of data is transformed into a vector and the vector is filtered using a machine learning component controlled via the processor, the filtered vector is encrypted using an encryption component controlled via the processor, and the filtered vector is integrity protected using an integrity protection component controlled via the processor.
EMBEDDING PROTECTED MEMORY ACCESS INTO A RFID AUTHENTICATION PROCESS BASED ON A CHALLENGE-RESPONSE MECHANISM
An RFID tag, a reader and a protocol allow a protected read operation in a two-step tag authentication with cipher-block cryptography. A challenge-response mechanism using a shared secret symmetric key for tag authentication includes a challenge and information to read data from the tag's memory. The tag's enhanced reply to the challenge-response mechanism includes a response to the reader's challenge and data from the tag's memory. A method embeds a protected write operation in a four-step reader authentication with cipher-block cryptography. The protocol allows a challenge-response mechanism using the shared secret symmetric key for reader authentication, including a challenge and information to write data to the tag's memory. The reader's enhanced reply to the challenge-response mechanism includes a response to the tag's challenge and data for writing to the tag's memory. Authenticated read and write data may be in plaintext, message authentication code (MAC)-protected, encrypted, or both encrypted and MAC-protected.