Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

A lightweight network protocol provides mutual authentication and encryption of a communication channel in environments where the amount of computing resources available to the networked devices is constrained. When a new device is added to a network, the device contacts a registration service and provides information that is published via a device directory. The network entity locates the device via information provided by the device directory, and establishes an encrypted network connection with the device. A shared secret is established between the device and the network entity using a key-exchange protocol. Consecutive messages that are sent or received are encrypted or decrypted with a sequence of cryptographic keys generated based at least in part on the shared secret. Key-exchange parameters are added to message exchanges between the device and the network entity to facilitate regenerating the shared secret.

A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.

This invention is directed to an encryption communication system for preventing leakage of a common key and improving the confidentiality of communication information. The encryption communication system uses a pair of a first private portion and a first public portion and a pair of a second private portion and a second public portion in a key predistribution system (KPS) The encryption communication system comprises a ciphertext generator that generates a ciphertext by generating, in a first security chip (TPM) of a first communication apparatus, a first common key by the first private portion held in the first security chip using the second public portion transmitted from a second communication apparatus as a communication partner, and encrypting a plaintext using the first common key in the first security chip, and a decryptor that generates a plaintext by generating, in a second security chip of the second communication apparatus, a second common key by the second private portion held in the second security chip using the first public portion transmitted from the first communication apparatus as a communication partner, and decrypting the ciphertext received from the first communication apparatus using the second common key in the second security chip.

An electronic device is provided. The electronic device includes a first short-range communication module configured to execute short-range communication with a second electronic device, a security module configured to store security information, and a processor configured to receive, from the second electronic device, a pairing key that registers the electronic device as being linked to the second electronic device, transmit session key generation information to the second electronic device when authentication with the second electronic device is completed based on the pairing key, generate a session key based on the session key generation information, encrypt the security information based on the session key, and transmit the encrypted information to the second electronic device.

Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.

Embodiments of the present disclosure relate to data processing technologies, and disclose a fingerprint data processing method and a processing apparatus. In some embodiments, the fingerprint data processing method includes: receiving a first ciphertext that carries fingerprint data; decrypting the first ciphertext to obtain the fingerprint data; identifying the fingerprint data and generating an identification result; encrypting the identification result and generating a second ciphertext that carries the identification result; and sending the second ciphertext. Some embodiments of the present disclosure further provide a fingerprint data processing apparatus. With some embodiments of the present disclosure, the fingerprint data can be transmitted in a ciphertext form, thereby ensuring the confidentiality of the fingerprint data, and improving the security of the fingerprint data.

The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.

The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.