A system and method for providing payments is disclosed. A method can include establishing a wireless link between a mobile device and a merchant device. After an instruction is displayed on the mobile device, a combination of a first type of input and a second type of input are received on the mobile device, first type of input including at least one button press of a physical button and the second type of input received from a user to confirm a payment for the purchase. Based on the inputs, payment data is retrieved from a memory of the mobile device. The method includes receiving the payment data at the merchant device to make the purchase, wherein receiving the payment data, via the wireless link, at the merchant device to make the purchase is performed according to a protocol for communicating the payment data to the merchant device.

A failover system can receive active data from user devices running an application specific to a service entity providing an application service. For each user device, the active data can indicate a current status. The failover system can transmit restoration data to the user devices for storage to restore the current status of the user devices in the case of a failover event. When a failover event occurs, the failover system can recover the restoration data from a first user device to restore the current status of the application service for the first user device.

The present application discloses a data exchange system, method, and device. The system comprises a first server configured to acquire a to-be-exchanged data identifier based on requirement information; store the to-be-exchanged data identifier; acquire a storage address of the to-be-exchanged data identifier; and encrypt the storage address of the to-be-exchanged data identifier to generate a first encrypted storage address; and a second server configured to acquire the first encrypted storage address from the first server; decrypt the first encrypted storage address to acquire the storage address of the to-be-exchanged data identifier; acquire the to-be-exchanged data identifier based on the storage address of the to-be-exchanged data identifier; and find to-be-exchanged data indicated by the to-be-exchanged data identifier from a pre-stored data set based on the to-be-exchanged data identifier, such that the first server acquires the to-be-exchanged data from the second server, the data set including data and a data identifier.

The disclosed embodiments relate generally to complex data stream control and entitlement. Specifically, the disclosed embodiments provide systems and methods for ensuring that only authenticated/verified participants receive data streams. A third party, e.g., a party other than the data provider or the data recipient, who is nevertheless associated with both the data provider and the data recipient, may be involved in controlling whether data streams from the data provider can reach the data recipient. Thus, a third party may logically sit between the data provider and the data recipient, and may decide whether the data recipient should receive data streams. The disclosed embodiments implement data generation, flow, control and permissioning between multiple entities via digital assets accessed and manipulated on a shared data structure.

The present disclosure provides a method and system for performing an SSL Handshake. In the method, during an SSL handshake with a target terminal, a target CDN node determines a target service server accessed by the target terminal and obtains information to be processed by a private key; the target CDN node sends a private key processing request to a private key server corresponding to the target service server, the private key processing request carries the information to be processed and target private key processing type information; the private key server processes the information to be processed based on the target private key processing type information and a private key of the target service server and sends a processing result to the target CDN node so that the target CDN node may continue to perform the SSL handshake with the target terminal according to the processing result.

A method for handling biometric templates is disclosed for an authenticating device applying biometric authentication. The method comprises acquiring a set of biometric data associated with a prospect user, and acquiring a decryption key (associated with an encrypted biometric template associated with an enrolled user of the authenticating device) from a key carrying device external to the authenticating device responsive to the key carrying device being in a vicinity of the authenticating device. The method also comprises retrieving, from a storage medium, at least a part of the encrypted biometric template associated with the enrolled user, decrypting the retrieved part of the biometric template using the acquired decryption key and performing an attempt to authenticate the prospect user as the enrolled user based on a comparison between the acquired set of biometric data and the decrypted part of the biometric template.

A method for initiating a secure session using a smartphone as a physical token to provide strong authentication. The phone is used through a public and independent real-time notification service. The notifications are exchanged in an encrypted manner so that their content is only accessible to the mobile phone and the authentication server.

Disclosed herein are systems, methods, and computer-readable storage devices for securely storing, at an electronic device, payment information associated with a payment account, detecting, at the electronic device, a payment operation associated with an application program. In response to the detected payment operation, the method includes determining that an input corresponding to an authorization of a payment transaction has not been locally received at the electronic device within a time period, presenting, in response to the determination, a stimulus indicating that the input corresponding to an authorization of a payment transaction has not been locally received, detecting subsequent to the stimulus presentation an authorization input, the authorization input corresponding to an authorization of a payment transaction, enabling, in response to detecting the authorization input, the payment information to be retrieved and releasing the payment information to the application program.

A communication device capable of performing encrypted communication with other communication device with use of a common key, obtains, from the other communication device, a certificate including a public key and identification information on the other communication device, verifies validity of the certificate on a basis of the identification information on the other communication device included in the certificate, and transmits the common key encrypted by the public key to the other communication device to perform the encrypted communication in a case where the certificate is valid as a result of the verification.

Techniques for key distribution are provided. A first symmetric key is generated for a first downstream site, and a second symmetric key is generated for a second downstream site. The first symmetric key is transmitted to the first downstream site, and the second symmetric key is transmitted to the second downstream site. Upon receiving an indication that the first symmetric key was successfully deployed at the first downstream site, the first symmetric key is deployed on a first network node of an upstream site. Finally, upon determining that the second symmetric key was not successfully deployed at the second downstream site, techniques include refraining from deploying the second symmetric key to a second network node of the upstream site, where the second network node continues to communicate with the second downstream site using an original symmetric key.