Patent classifications
H04L2209/72
METHOD FOR INFORMATION PROCESSING IN DIGITAL ASSET CERTIFICATE INHERITANCE TRANSFER, AND RELATED DEVICE
This application provides an information processing method in digital asset certificate inheritance transfer, and a related apparatus. The method includes: obtaining a will of a user; and triggering, in response to a signature made on the will by using a public key of the authoritative entity node being successfully verified by using a private key of the authoritative entity node, transmission of a signature made on at least one digital asset certificate in the will by using a public key of a corresponding inheritor personal security kernel node to the inheritor personal security kernel node corresponding to each inheritor personal security kernel node identifier in the will. In the embodiments of this application, the digital asset certificates of the user are uniformly maintained.
Key derivation for a module using an embedded universal integrated circuit card
A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.
Signcrypted biometric electronic signature tokens
The methods and system allow for the generation of a signcrypted biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The signcrypted biometric electronic signature token involves simultaneous encryption and digital signature to protect the confidentiality. The system as described herein provides data integrity, origin authentication, and efficiency by performing encryption and digital signature simultaneously. The process allows a signcrypting party to enroll in a biometric service, sign a piece of data or content using a public key, that may be tied to a trusted anchor certificate authority, and submit a biometric sample. Subsequently, the relying party may validate the information on that piece of data or content to confirm the identity of the signcrypting party.
Systems and methods for single-step out-of-band authentication
A method of performing out-of-band user authentication includes, by a service electronic device associated with a service a request to initiate a session of the service, generating an authentication token, encrypting the authentication token to generate an encrypted authentication token, and transmitting the encrypted authentication token to the electronic device.
Set of Servers for "Machine-to-Machine" Communications Using Public Key Infrastructure
A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (ii) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
Secret sharing information management and security system
Various embodiments relate to a method of receiving an original message, share-holder list, and threshold amount. The original message is tokenized resulting in a tokenized message. A plurality of shares are generated from the tokenized message using a message sharing algorithm of a secret sharing scheme. Each of the plurality of shares is signcrypted using a public key and a private key associated with the shared secret provider computing system and a public key of a respective one of the share-holders included in the share-holders list, resulting in a plurality of signcrypted shares. The plurality of signcrypted shares is distributed to the respective ones of the share-holders according to the public key used to signcrypt the respective signcrypted share. The authenticity and data integrity of each of the plurality of signcrypted shares can be determined by using the public key associated and a public/private key pair associated with the share-holder.
METHOD FOR SECURING COMMUNICATION WITHOUT MANAGEMENT OF STATES
A method for communication between at least two communicating entities, a first communicating entity generating at least one data message comprising a payload and an authentication heading, the method including generating a context parameter including at least one datum representing the material configuration of the first entity; generating a security profile in the authentication heading, which defines the conditions of encoding the payload of the message and of generating a signature by an algorithm applied at least to the payload of the message; including the signature in the generated message; inserting a stored identifier of the first communication entity into the authentication heading; and inserting the safety profile into the payload or into the authentication heading.
Systems and methods for data management and the use of salts and keys in data encryption/decryption
Methods and systems for encrypting sensitive information are disclosed comprising hashing sensitive information by a hash function and selecting a salt or key salt based, at least in part, on the hashed sensitive information. If a salt is selected, the selected salt is combined with the hashed sensitive information to yield combined sensitive information, which is encrypted and stored. If a key is selected, such as an AES key, for example, the sensitive information is encrypted by the selected encryption key, and stored. The keys and salts may be encrypted by a cryptographic processing system that generates and stores keys, such as a key management system and/or a hardware security module, for further protection. The salts may be concatenated into a binary large object prior to encryption. Methods and systems for updating of stored records comprising encrypted sensitive information are also described.
Method and system for protecting data keys in trusted computing
One embodiment described herein provides a system and method for facilitating user access to encryption keys stored within a hardware module. During operation, a server coupled to the hardware module receives a key request from the user, the key request comprising a user identifier and a key identifier. The server receives a voice message from the user, extracts voice features from a voiceprint associated with the received voice message, looks up voice features stored within the hardware module based on the user identifier, and compares the extracted voice features with the voice features stored within the hardware module. In response to the extracted voice features matching the stored voice features, the server retrieves from the hardware module an encryption key based on the user identifier and the key identifier.
DATA CRYPTOGRAPHIC DEVICES AND MEMORY SYSTEMS
A data cryptographic device may include a pre-tweak generator to generate pre-tweak values, a pre-tweak value cache memory to store one or more pre-tweak values generated by the pre-tweak generator, and a pre-tweak value selector to check whether a pre-tweak value for an input memory address is stored in the pre-tweak value cache memory. The data cryptographic device may further include a tweak generator to generate a tweak value based on the selected pre-tweak value, and a block cipher to perform at least one block cipher algorithm to at least one of encrypt data, encrypt and authenticate data, decrypt encrypted data, decrypt and verify encrypted and authenticated data, using a cryptographic key and the generated tweak value.