Embodiments of this application disclose a pairing method applied to a short-range communication system and a wireless device in the field of wireless communication. The method includes: obtaining, by a first wireless device, a first password, where the first password is shared by the first wireless device and a second wireless device; and pairing, by the first wireless device, with the second wireless device based on a password-based authenticated key exchange (PAKE) protocol and by using the first password as an encryption password in a key exchange process.

To conduct a payment transaction at a merchant's point of sale using a mobile device, the mobile device initiates an authenticated communication session with a payment agent. The payment agent is an entity responsible for facilitating a payment transaction between the merchant and purchaser via their respective financial institutions. During the authenticated communication session, response to an input indicating the user of the mobile device wishes to make a payment, the mobile device generates a unique payment key that is based on at least one unique data of the mobile device. The mobile device transmits the payment key to the payment agent, and then transfers a copy of the payment key to the point of sale system. The merchant's payment system that transmits the payment key to the payment agent in a transaction request. The payment agent then verifies that the received payment key is the same as they received from the mobile device, and that the authenticated communication session is still valid, and then approves the transaction.

A method for gesture-based multi-factor authentication includes mapping a gesture password to a first substitution string, generating a cryptographic key using the first substitution string as an input to a password authenticated key exchange protocol, encrypting a challenge response with the cryptographic key to generate an encrypted challenge response, and transmitting, to a relying party computing system, a first authentication message comprising the encrypted challenge response and a user identifier identifying a user.

Embodiments of this application provide key update methods and apparatuses in the field of communications technologies. A communications system includes a terminal and a core network device. The terminal can access the core network device using both a first access technology and a second access technology. The first connection and the second connection have a shared key. Key update for the first connection is performed in obtaining a first key identifier that identifies a first key obtained by performing the key update for the first connection. In response to determining that the second connection is in a connected state, the shared key for the second connection and a second key identifier that identifies the shared key are retained. The shared key is kept using for the second connection before performing key update for the second connection.

It is provided an information sharing system, comprising a server, and an in-vehicle system. The server includes: a first storage part; a first key generation part configured to generate a first private key and a first public key, if keys can be exchanged with the in-vehicle system; and a signature generation part configured to generate a signature value of the first public key using a server private key. The in-vehicle system includes: a second storage part configured to store a public key certificate including a server public key; a signature verification part configured to verify the first public key and a signature value received from the server, using a public key certificate; and a second key generation part configured to generate a second private key and a second public key, if a combination of the first public key and the signature value is correct as a result of the verification.

A data transmission method and apparatus are disclosed that resolves a technical problem where an existing data encryption algorithm offers poor security during transmission of data. The solution includes obtaining, by a first terminal, a data transmission request sent by a second terminal, the data transmission request at least carrying first encrypted data that is obtained by encrypting first exchange key of the second terminal by using a private key of the second terminal. The solution further includes decrypting, by the first terminal, the first encrypted data by using a public key of the second terminal to obtain the first exchange key, and obtaining a shared key of the first terminal and the second terminal according to the first exchange key. The solution further includes encrypting, by the first terminal, to-be-transmitted data by using the shared key to obtain encrypted to-be-transmitted data, and sending the encrypted to-be-transmitted data to the second terminal.

An association control method and a related apparatus are provided and are applied to short-range communication. The method includes: determining that an identity of a second node is trusted; sending a first authentication request to the second node, where the first authentication request includes first identity authentication information generated based on a shared key; receiving a first authentication response from the second node, where the first authentication response includes second identity authentication information; performing verification on the second identity authentication information based on the shared key; and updating a first authentication failure counter if the verification fails. This can prevent a node from establishing an association with an unauthorized attacker, and protect data security of the node.

A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.

The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid encryption. According to the present disclosure, a first device receives an encrypted communication from a second device. The encrypted communication includes a first encrypted secret, a second encrypted secret, a first signature, and a second signature. The first device verifies the first signature and the second signature, and, when the first and second signatures are valid, decrypts the first encrypted secret using a first encryption algorithm and the second encrypted secret using a second encryption algorithm. The first device combines the first decrypted secret and the second decrypted secret to recover a first communication and provides the first communication to a user of the first device.

An example method includes receiving an encrypted biometric enrollment data and user identifier data. The encrypted biometric enrollment data includes at least one biometric enrollment sample from a user encrypted using an encryption key. The encryption key is generated based on a user secret and the user identifier is associated with the user. The user identifier is matched with a stored user secret. A decryption key is generated based on the stored user secret. The encrypted biometric enrollment data is decrypted using the decryption key. The at least one biometric enrollment sample is retrieved from the decrypted biometric enrollment data. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a biometric reference template. A biometric reference template identifier uniquely identifying the biometric reference template is generated. An encryption key is generated based on the stored user secret and encrypts an enrollment confirmation message.