H04L9/3242

ENCRYPTION AND DECRYPTION TECHNIQUES USING SHUFFLE FUNCTION

Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds of decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

SUPPORTING REMOTE UNIT REAUTHENTICATION

Apparatuses, methods, and systems are disclosed for supporting remote unit reauthentication. One apparatus includes a network interface that receives a first authentication message for reauthenticating a remote unit and a processor that verifies a first domain-name. The first domain-name identifies a key management domain name and an associated gateway function holding a reauthentication security context. Here, the first authentication message includes a NAI containing a first username and the first domain-name. The processor validates the first authentication message using at least the first username and generates a second authentication message in response to successfully validating the first authentication message. Via the network interface, the processor responds to the first authentication message by sending the second authentication message.

ELECTRONIC DEVICE AND METHOD OF BACKING UP SECURE ELEMENT
20230029025 · 2023-01-26

According to certain embodiments, an electronic device comprises: a secure element storing at least one content application and backup data associated with the at least one content application; a memory storing instructions; and a processor electrically connected to the secure element and the memory and configured to execute the instructions, wherein execution of the instructions by the processor causes the processor to perform a plurality of operations comprising: when receiving a message requesting a backup operation from an external electronic device, loading encrypted backup data from the secure element, transmitting the backup data to the external electronic device, and when receiving a message about backup completion from the external electronic device, setting the backup data to an unavailable state.

CONTENT TRANSMISSION PROTECTION METHOD AND RELATED DEVICE THEREOF
20230231721 · 2023-07-20

The technology of this application relates to a content transmission protection method and a related device, to avoid leakage of an audio/video stream when a transmit end and a receive end perform authentication. The method includes: in a process of establishing a transmission link between a transmit end and a receive end, the transmit end performs authentication key exchange with the receive end to obtain an authentication key. The transmit end performs session key agreement with the receive end based on the authentication key to obtain a session key. The transmit end performs authorization control on the receive end after establishment of the transmission link between the transmit end and the receive end is completed. The transmit end sends an encrypted audio/video stream to the receive end after the transmit end completes authorization control on the receive end. The encrypted audio/video stream is encrypted based on the session key.

METHOD AND APPARATUS FOR ESTABLISHING SECURE COMMUNICATION
20230232228 · 2023-07-20

A method and an apparatus for establishing secure communication. The method includes: a terminal device receives a first message from a first network element, where the first message includes an identifier of a second network element and first indication information, and the first indication information indicates a candidate authentication mechanism associated with the second network element. The terminal device establishes a communication connection with the second network element based on the candidate authentication mechanism. The terminal device may obtain an authentication mechanism of the dynamically configured second network element, to meet a requirement for establishing a secure communication connection through authentication in an MEC architecture.

System and method for licensing and for measuring use of an IP block

An integrated circuit includes: one or more protected circuits; a license control circuit configured to request, from a license issuer, a license for activating the one or more protected circuits, the license request having a seed value; and a cryptographic circuit configured to verify the authenticity of a license received from the license issuer based on the seed value, wherein the license control circuit is configured to impose a validity limit on the received license, and to request a new license from the license issuer before the validity limit of the received license.

Method and user equipment for handling of integrity check failures of PDCP PDUs

Embodiments herein provide a method and a UE for handling of integrity check failures of Packet Data Convergence Protocol (PDCP) Protocol Data Units (PDUs) in a wireless communication system. The method includes performing an integrity check at a PDCP layer on at least one Radio Bearer based on a Message Authentication Code-Integrity (MAC-I) of the PDCP PDU. The method includes determining a success of the integrity check of the PDCP PDU or a failure of the integrity check of the PDCP PDU received on the radio bearer. Further, the method includes discarding the PDCP PDU for which the integrity check failed. Furthermore, the method includes indicating to a Radio Resource Control (RRC) layer the integrity check failure on the at least one radio bearer in response to determining a trigger condition.

Encoded inline capabilities

Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

ECDHE Key Exchange for Mutual Authentication Using a Key Server
20230231702 · 2023-07-20

A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.

DATA STRUCTURE STORAGE OPTIMISATION
20230229649 · 2023-07-20

A method of maintaining a data structure comprising: creating a data block; transmitting a message to validator devices requesting permission to add said data block to the data structure; determining that consensus is reached, and in response: forming a first sub-chain in the data-structure by adding the data block to the data structure, the first sub-chain starting with a genesis block and ending with said data block, wherein the data block comprises a block number indicating the number of blocks in the data structure from the genesis block, and creating a further data block; transmitting a further message to the validator devices requesting permission to add said further data block to the data structure; determining that consensus is reached, and in response, forming a second sub-chain by adding the further data block to the data structure after said data block, the second sub-chain starting with said further data block.