Total found: 8635. Displayed: 200.
Publication date: 15-05-2010

SAFE DATA TRANSFER

Number: AT0000465572T
Assignee:

Publication date: 15-09-2008

COMPACT EXPAND-CASH AUTHENTICATION MINUTES PASSWORD PREPROCESSING

Number: AT0000406028T
Assignee:

Publication date: 07-11-2013

A method and system for preserving privacy during data aggregation in a wireless sensor network

Number: AU2011366152A1
Assignee:

A computer-based system and method for a secured privacy preservation scheme during data aggregation in a non-hierarchical wireless sensor network that lacks peer-to-peer communication between the communicating sensor nodes is disclosed. The method and system adopt self-adaptive, efficient cluster formation for robust privacy preservation in the network by grouping the multiple sensor nodes in the network to form multiple clusters, which enables low computation overhead and high scalability in the network. The method and system of the invention disclose an effective twin-key management scheme that provides establishment of secure communication among the sensor nodes and secure communication between at least one sensor node and the server node performing the function of data aggregation of the data collected by the sensor nodes.

Publication date: 25-06-2020

SECURE PEER-TO-PEER COMMUNICATION OVER WIRELESS MESH NETWORKS

Number: CA3124084A1
Assignee:

Systems and methods for secure team-based communication on existing wireless mesh networks are disclosed. In an example network with multiple network nodes, a headend system designates a first network node and a second network node as a sub-group of nodes, generates a sub-group encryption key that is unique to the sub-group of nodes, and transmits the sub-group encryption key and the sub-group node list to the first node and the second node. The first node encrypts an application layer message with the sub-group encryption key and sends the message to the second node. The second node decrypts the application layer message with the sub-group encryption key and performs an action based on the message.

Publication date: 29-10-2019

AN ELECTRONIC DATA SHARING DEVICE AND METHOD OF USE

Number: CA0002878751C
Assignee: BLENDOLOGY LTD, BLENDOLOGY LIMITED

An electronic data sharing device for sharing user related information with users of other electronic data sharing devices, the electronic data sharing device comprising: a data exchange initiation device arranged to detect the initiation of a data exchange request; a tag generation module configured to generate a tag in preparation for the initiation of a data exchange routine, a communication module configured to exchange the tag generated on the electronic data sharing device with a tag generated by a further electronic data sharing device, wherein the exchanged tags enable user related information associated with respective users of the electronic data sharing devices to be subsequently accessed via a communication means by users who have previously initiated the data exchange request, wherein the electronic data sharing device is configured to exchange the tags in order to provide subsequent access to the user related information without requiring, before use of the device, any user ...

Publication date: 31-12-2003

KEY GENERATION IN A COMMUNICATION SYSTEM

Number: CA0002862069A1
Assignee:

A communication system generates a Master Session Key (MSK) for accesses to a system entity that does not provide encryption to traffic. Both the home server and the user generate the same MSK. The MSK is used to generate encryption keys for traffic. In one embodiment the MSK is generated using a hashing function and information specific to the requestor. The home server determines the need to generate the MSK based on information contained in an access request message. Once generated, the MSK is provided to the system entity to enable the entity to encrypt communications.

Publication date: 26-03-2025

Key management for UE-to-network relay access

Number: KR102787534B1
Author: 비베슨 모니카

A method of operating a user equipment, UE, (1000) in a wireless communication system is provided. The method includes obtaining (502) a discovery key for discovery of a UE-to-Network relay from a first application function. The method includes using (504) the discovery key for discovery of the UE-to-Network relay over a PC5 interface. A method of operating a user equipment-to-network, UE-to-NW, relay node in a wireless communication system is also provided. The method includes obtaining (702) a discovery key for discovery of a user equipment, UE, from a first application function. The method includes using (704) the discovery key for discovery of the UE over a PC5 interface.

Publication date: 20-07-2017

METHOD, DEVICE AND SYSTEM FOR SELECTING A SECURITY ALGORITHM

Number: US20170208095A1
Assignee:

A method, device and system for selecting a security algorithm are provided. The method includes: a core network receives an attachment request initiated to a broadband cluster network by a first terminal (UE), wherein the attachment request carries first security capability information supported by the first UE; the core network determines a group to which the first UE belongs, and obtains security capability information of each second UE in the group; and the core network selects a security algorithm supported by both the security capability information of the first UE and the security capability information of each second UE; and sends the selected security algorithm to the first UE as a security algorithm of the group.

Publication date: 21-04-2020

Monitoring deciphered S1 packets on unified serving nodes

Number: US0010631182B2

First and second pluralities of packets transmitted between UE and the USN over a first interface and a second interface are continuously captured. The first, second and third pluralities contain temporary and permanent identifying information and ciphering key information. A fourth plurality of packets transmitted between the USN and a HSS over a fourth interface is captured. The temporary, permanent identifying information and the ciphering key information are correlated to determine mappings stored in a data repository. A fifth plurality transmitted over a fifth interface is continuously captured. Permanent identifying information corresponding to the temporary identifying information retrieved from the unciphered packets of the fifth plurality is retrieved from the data repository based on the stored mappings. NAS deciphering key information corresponding to the retrieved permanent identifying information is retrieved. The ciphered packets of the fifth plurality of packets are deciphered ...

Publication date: 26-03-2015

METHOD FOR CONFIGURING A REMOTE STATION WITH A CERTIFICATE FROM A LOCAL ROOT CERTIFICATE AUTHORITY FOR SECURING A WIRELESS NETWORK

Number: US20150089216A1
Assignee: QUALCOMM Incorporated

A remote station is configured with a certificate from a local root certificate authority for securing a wireless network. To configure the certificate, the remote station forwards a station public key to the local root certificate authority. The station public key is forwarded out-of-band of the wireless network. The remote station receives a certificate and a root public key from the local root certificate authority. The certificate is generated by the local root certificate authority based on the forwarded station public key, and the certificate and the root public key are received out-of-band of the wireless network. The remote station securely communicates, using the wireless network, with another station based on the certificate and the root public key.

Publication date: 27-02-2020

AUTHENTICATION OF PHONE CALLER IDENTITY

Number: US20200068394A1
Assignee:

According to one aspect of the present disclosure, a method and technique for caller authentication is disclosed. The method includes, responsive to receiving a call from a telephone unit, identifying a received encrypted identification object having information associated with an identity of a caller placing the call. A telephone number corresponding to the caller is identified and a decryption key associated with the call is generated by combining the telephone number with a decryption code. The identification object is decrypted using the generated decryption key and an identity of the caller placing the call from the second telephone unit is verified based on the decrypted identification object.

Publication date: 19-11-2020

Door Lock Control with Wireless User Authentication

Number: US20200366470A1
Assignee:

Methods, systems, and computer programs are presented for a self-encrypting device (SED) incorporated into a host system. In one example, the host system includes a memory, a processor, a data channel in communication with the memory and the processor, and the SED. The SED comprises an authentication subsystem, a storage subsystem that stores encrypted data that is encrypted with an encryption key provided by the authentication subsystem, a radio frequency (RF) transceiver, and a data interface in electrical contact with the data channel. The data interface is locked from sending and receiving data until the SED is unlocked by the authentication subsystem with user-authentication information received via the RF transceiver.

Publication date: 29-08-2023

Signaling in dual connectivity mobile communication networks

Number: US0011743244B2
Assignee: Samsung Electronics Co., Ltd.

There is disclosed a method of a User Equipment, UE, in a 3rd Generation Partnership Project, 3GPP, compliant mobile communications network supporting dual connectivity, and a corresponding UE. The method comprises detecting a signalled reconfiguration procedure of a Data Radio Bearer, DRB, having or changing to a DRB type in which downlink, DL, data is received from only serving cells of a Secondary Cell Group, SCG, connected to a Secondary eNB, SeNB, via an SCG DRB, or in which DL data is received from a SCG and also from serving cells of a Master Cell Group, MCG, connected to a Master eNB, MeNB, via a split DRB. If a DRB reconfiguration procedure type including one or more of: a handover; an SCG change; and DRB type change; is detected, the method further comprises: deciding one or more required layer 2 DRB-related actions resulting from the DRB reconfiguration based on: the initial DRB configuration; the final DRB configuration; and relevant DRB reconfiguration procedure types; and ...

Publication date: 29-06-2022

METHOD AND SYSTEM FOR PROVISIONING ACCESS DATA TO MOBILE DEVICE

Number: EP3712792B1
Assignee: Visa International Service Association

Publication date: 22-02-2023

DEVICE UPGRADE METHOD AND RELATED DEVICE

Number: EP3883212B1
Assignee: Huawei Technologies Co., Ltd.

Publication date: 14-06-2023

CONNECTION CONTROL

Number: EP4193346A1
Assignee:

Publication date: 27-01-2006

KEY GENERATION IN A COMMUNICATION SYSTEM

Number: RU2005101217A
Assignee:

... 1. A method of generating keys in a communication system, comprising the steps of: authenticating access to a wireless local area network (WLAN); generating a master session key (MSK) for the access; and sending an access accept message that includes the MSK. 2. The method of claim 1, wherein the authentication step includes the steps of: receiving a user identification; determining a challenge value; and determining a shared secret, and wherein the step of generating the MSK includes hashing the user identification, the challenge value and the shared secret. 3. The method of claim 1, wherein the authentication step includes receiving a user identification; determining a challenge value; and determining a random value, and wherein generating the MSK includes hashing the user identification, the challenge value and the random value. 4. The method of claim 2 or 3, wherein receiving the user identification includes receiving a network access identifier (NAI). 5. A method of generating ...

Publication date: 10-04-2006

METHOD FOR GENERATING AND DISTRIBUTING CRYPTOGRAPHIC KEYS IN A MOBILE COMMUNICATION SYSTEM AND CORRESPONDING MOBILE COMMUNICATION SYSTEM

Number: RU2005129254A
Assignee:

... 1. A method for generating and distributing cryptographic keys (318, 322) in a mobile communication system (100) comprising at least one mobile communication terminal (103), a first computer (113), a computer of a home communication network (109), and a second computer (106, 107), wherein the mobile communication terminal (103) and the computer of the home communication network (109) contain, as a result of authentication, authentication key material (312, 314), characterized in that a first cryptographic key (318) and a second cryptographic key (322) are generated by the mobile communication terminal (103) and by the computer of the home communication network (109), in each case using the authentication key material (312), the first cryptographic key (318) is transmitted to the first computer (113), the second cryptographic key (322) is transmitted to the second computer (106), and the first cryptographic key (318) and the second cryptographic key (322) are generated in such a way that ...

Publication date: 30-11-2016

Device key security

Number: GB0002538773A
Assignee:

A device receives and stores cryptographic material, e.g. a key, from a server and executes device functions using the material. In response to a trigger event (e.g. power down, power loss, expiry of a time period, detection of movement or tampering, instruction from the server), the device deletes the cryptographic material. In response to a further trigger event such as power-up or reboot, the device receives further cryptographic material from the server. The material is sent during a Generic Bootstrapping Architecture (GBA) procedure. After a deletion phase, functions concerning security (e.g. decryption of device data) are not available until new material is received, but the device retains sufficient functionality to run a further GBA procedure.

Publication date: 03-03-2004

Providing an access key for a wireless data network to a wireless node

Number: GB0002392583A
Assignee:

A first wireless data network such as a WLAN 50 installed in a building 48 extends beyond the boundary of the building and can potentially be accessed by an unauthorised eavesdropper E from outside the building. An authorised wireless node N within the building therefore receives network access control information from a second network of more limited coverage area which does not extend outside the building. The second network transmits an access key to the node N via radio or infra-red transmission. The node N then accesses the WLAN 50 using the received access key. The second network may be installed at doorways or may use the lighting system within the building.

Publication date: 04-05-2004

LIGHTWEIGHT EXTENSIBLE AUTHENTICATION PROTOCOL PASSWORD PREPROCESSING

Number: AU2003284144A1
Assignee:

Publication date: 04-06-2015

A method and system for preserving privacy during data aggregation in a wireless sensor network

Number: AU2011366152B2
Assignee:

A computer-based system and method for a secured privacy preservation scheme during data aggregation in a non-hierarchical wireless sensor network that lacks peer-to-peer communication between the communicating sensor nodes is disclosed. The method and system adopt self-adaptive, efficient cluster formation for robust privacy preservation in the network by grouping the multiple sensor nodes in the network to form multiple clusters, which enables low computation overhead and high scalability in the network. The method and system of the invention disclose an effective twin-key management scheme that provides establishment of secure communication among the sensor nodes and secure communication between at least one sensor node and the server node performing the function of data aggregation of the data collected by the sensor nodes.

Publication date: 25-06-2019

Near field communications (NFC)-based offload of NFC operation

Number: US0010334431B2
Assignee: Intel Corporation, INTEL CORP

Described herein are architectures, platforms and methods for offloading a process or application from a near field communication (NFC) master device for proxy delegation to a proxy NFC device.

Publication date: 23-03-2021

System for providing a called party with identity verification of the calling party

Number: US0010958774B1
Assignee: BANK OF AMERICA CORPORATION, BANK OF AMERICA

A called-party is provided identity verification of the calling-party during a telephone call. A call request is received for a calling-party to place a call with a called-party. A call management platform or the like associates a passcode with the call request and communicates the passcode to an online network resource and/or a mobile application associated with the calling entity. During the call, in the event the called-party requests identity verification of the calling-party, the called-party is requested to access the online network resource or the mobile application. In response to the called-party logging in to the online network resource or the mobile application, the passcode is communicated from the call management platform to the called-party and is presented with a display of the passcode. The calling-party announces the passcode to the called-party which matches the passcode displayed as a means of verifying the identity of the calling-party.

Publication date: 27-12-2018

Method and Apparatus for Implementing Bearer Specific Changes as Part of a Connection Reconfiguration that Impacts the Security Keys being Used

Number: US20180376332A1
Assignee:

A method and apparatus provides a communication connection between a user equipment and a network entity including a plurality of radio bearers having security keys. A connection reconfiguration message is received, which identifies bearer specific changes to be made to a subset of radio bearers including less than all of the plurality of radio bearers, that impact the security keys being used by the subset of radio bearers, where the connection reconfiguration message includes a bearer identification field that identifies the radio bearers included in the subset and a chaining counter. The requested changes are applied to the subset of radio bearers associated with the bearer identification field without resetting the communication connection with the communication network.

Publication date: 22-11-2018

METHOD FOR DETECTING THE USE OF UNAUTHORIZED SECURITY CREDENTIALS IN CONNECTED VEHICLES

Number: US20180337957A1
Assignee:

Embodiments of the present disclosure monitor certificates or other credentials loaded to various components and systems of a vehicle. A set of information identifying credentials that are expected to be present and/or in use can be saved. Periodically, on request, or upon the occurrence of an event or condition, checks can be performed on the credentials individually or in the aggregate using the saved information to determine whether the certificates present and/or in use are those expected or if a change has occurred. If a change is detected, i.e., a difference between the current set of certificates and the saved set of information, the network security system can take some action. The action, depending on the nature of the change detected, can vary from recording and/or reporting the condition up to and including isolating or even disabling a particular component or system on which the changed certificate is used.

Publication date: 06-09-2018

WIRELESS PERSONAL AREA NETWORK UNDERLYING CELLULAR NETWORKS

Number: US20180255611A1
Assignee:

This document discusses, among other things, a wireless personal-area network (PAN) underlying a cellular wide-area network (WAN). The PAN includes a wearable user equipment (UE-W) and a user equipment aggregation node (UE-AN). The UE-W includes processing circuitry to process data for communication with a network of the WAN through the UE-AN, and radio interface circuitry to communicate with the UE-AN through a first air interface. The UE-AN includes processing to process data for communication between the network of the WAN and the UE-W, and radio interface circuitry to communicate with the network of the WAN through the first air interface and with the UE-W through a second air interface. The UE-W and the UE-AN can share a network credential, appearing as a single device to the WAN.

Publication date: 11-01-2023

MULTI-LINK WIRELESS COMMUNICATION SECURITY

Number: EP4115640A1
Assignee:

Publication date: 04-04-2018

Mobile payment device based on biometric recognition technology, method and apparatus

Number: RU2649786C2
Assignee: XIAOMI INC. (CN)

The invention relates to the field of mobile payment technologies. The technical result is the provision of mobile payment based on biometric recognition technology. A mobile payment device based on biometric recognition technology is disclosed, characterized in that it includes the following components: a biometric information recognition application and a standard payment trusted application (TA) running in a trusted execution environment (TEE), wherein the standard payment TA is configured to: establish a connection with several third-party payment applications; receive a connection establishment request from a third-party payment application; determine, based on the connection establishment request, target content for encryption and an encryption parameter for performing the encryption; obtain a biometric information recognition result from the biometric information recognition application; encrypt the target content in accordance with the encryption parameter and the result ...

Publication date: 11-08-2020

Number: RU2017122301A3
Author:
Assignee:

Publication date: 27-09-2011

METHOD AND APPARATUS FOR GENERATING A CRYPTOSYNC PARAMETER

Number: RU2010110573A
Assignee:

... 1. An apparatus for storing a cryptosync parameter for processing a data packet, the apparatus being configured to operate in a wireless communication system, wherein the cryptosync parameter comprises: a first field associated with segmentation of the data packet; a second field associated with a stream related to transmission of the data packet; and a third field associated with a count of a route related to transmission of the data packet. 2. The apparatus of claim 1, wherein the cryptosync parameter further comprises: a fourth field associated with a reset of the segmentation of the data packet. 3. The apparatus of claim 2, wherein the cryptosync parameter further comprises: a fifth field associated with a count of events of the first field switching over to the next value. 4. The apparatus of claim 2, wherein the fourth field is reset when the first field switches over to the next value. 5. The apparatus of claim 3, wherein any of the first field, the second ...

Publication date: 07-09-2021

Number: RU2019139240A3
Author:
Assignee:

Publication date: 10-02-2016

Signalling in dual connectivity mobile communication networks

Number: GB0002528913A
Assignee:

A User Equipment, UE, operating in a mobile communications network supporting dual connectivity detects a signalled reconfiguration procedure of a Data Radio Bearer, DRB, having or changing to a DRB type in which downlink, DL, data is received from only serving cells of a Secondary Cell Group, SCG, connected to a Secondary eNB, SeNB, via an SCG DRB, or in which DL data is received from a SCG and also from serving cells of a Master Cell Group, MCG, connected to a Master eNB, MeNB, via a split DRB. If a DRB reconfiguration procedure type including one or more of: a handover; an SCG change; and DRB type change; is detected, deciding required layer 2 DRB-related actions resulting from the DRB reconfiguration based on: initial DRB configuration; final DRB configuration; and relevant DRB reconfiguration procedure types; and performing said decided actions. If multiple triggers for an action are generated, the action is performed only once.

Publication date: 17-07-2008

Key generation in a communication system

Number: AU2003243680B2
Assignee:

Publication date: 15-07-2021

Secure peer-to-peer communication over wireless mesh networks

Number: AU2018453381A1
Assignee:

Systems and methods for secure team-based communication on existing wireless mesh networks are disclosed. In an example network with multiple network nodes, a headend system designates a first network node and a second network node as a sub-group of nodes, generates a sub-group encryption key that is unique to the sub-group of nodes, and transmits the sub-group encryption key and the sub-group node list to the first node and the second node. The first node encrypts an application layer message with the sub-group encryption key and sends the message to the second node. The second node decrypts the application layer message with the sub-group encryption key and performs an action based on the message.

Publication date: 23-06-2016

NEAR FIELD COMMUNICATIONS (NFC)-BASED OFFLOAD OF NFC OPERATION

Number: US20160183033A1
Assignee: Intel Corporation

Described herein are architectures, platforms and methods for offloading a process or application from a near field communication (NFC) master device for proxy delegation to a proxy NFC device.

Publication date: 09-02-2021

Sending verification password responsive to mobile device proximity

Number: US0010917402B2
Assignee: Motorola Mobility LLC, MOTOROLA MOBILITY LLC

A method includes detecting proximity between a mobile device and a remote device associated with a transaction reserved by a user of the mobile device. A verification password is sent to the remote device responsive to detecting the proximity. A device includes a module to detect proximity between the device and a remote device associated with a transaction reserved by a user of the device and a processor coupled to the module. The processor is to send a verification password to the remote device responsive to detecting the proximity.

Publication date: 31-07-2014

ELECTRONIC DATA SHARING DEVICE AND METHOD OF USE

Number: US20140215212A1
Assignee:

An electronic data sharing device for sharing user related information with users of other electronic data sharing devices, the electronic data sharing device comprising: a data exchange initiation device arranged to detect the initiation of a data exchange request; a tag generation module configured to generate a tag in preparation for the initiation of a data exchange routine, a communication module configured to exchange the tag generated on the electronic data sharing device with a tag generated by a further electronic data sharing device, wherein the exchanged tags enable user related information associated with respective users of the electronic data sharing devices to be subsequently accessed via a communication means by users who have previously initiated the data exchange request, wherein the electronic data sharing device is configured to exchange the tags in order to provide subsequent access to the user related information without requiring, before use of the device, any user ...

Publication date: 02-07-2019

Primary secondary cell change method and base station

Number: US0010341924B2

Embodiments of the present invention disclose a primary secondary cell change method and a base station. The primary secondary cell change method in the embodiments of the present invention includes: determining, by a primary base station, to change a first primary secondary cell served by a secondary base station, and selecting a second primary secondary cell from cells served by the secondary base station; sending, by the primary base station, a first message to the secondary base station, which is used to request the secondary base station to change the primary secondary cell, where the first message includes an identity of the second primary secondary cell; and sending, by the primary base station, a second message to a user equipment UE, which is used to request the UE to use the second primary secondary cell.

Publication date: 13-06-2017

Secure remote subscription management

Number: US0009681296B2

A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.

Publication date: 26-01-2021

ON-DEMAND DRIVER SYSTEMS AND METHODS

Number: RU2741521C2

On-demand driver (ODD) systems and methods are described. The method includes generating, by an ODD system, a software key for a vehicle associated with an agreement between a driver in need (DIN) and an ODD, monitoring, by the ODD system, the location of an ODD device carried by the ODD, and transmitting, by the ODD system, the software key to the ODD device upon detecting that the ODD device is in proximity to the vehicle. In the method, the software key is used to unlock the vehicle. The invention allows a vehicle owner to give another driver access to the vehicle when the owner cannot drive it, without requiring the owner to be present. 2 independent and 16 dependent claims, 15 figures.

Publication date: 18-10-2019

Number: RU2017134975A3
Author:
Assignee:

Publication date: 04-08-2023

METHOD, DEVICE AND SYSTEM FOR UPDATING AN ANCHOR KEY IN A COMMUNICATION NETWORK FOR ENCRYPTED COMMUNICATION WITH SERVICE APPLICATIONS

Number: RU2801267C1
Assignee: ZTE CORPORATION (CN)

The invention relates to means for regenerating keys in a terminal device for encrypted communication between the terminal device and a service application. The technical result is improved security of the communication network. It is detected that a first key for enabling direct encrypted communication with the service application, previously generated after successful completion of a first authentication of the terminal device in the communication network, has become invalid. A request for a second authentication is transmitted to the communication network in response to detecting that the first key has become invalid. A second key for enabling direct encrypted communication with the service application is generated after the second authentication in the communication network is successful. The first key is replaced with the second key, and data is exchanged directly with the service application based on the second key, wherein the first key and the second key comprise, respectively, a first anchor key and a second ...

Publication date: 17-05-2018

Cellular networks underlying wireless personal area networks

Number: DE112015006864T5
Assignee: INTEL IP CORP, Intel IP Corporation

The document discusses, among other things, a wireless personal area network (PAN) that is underlain by a cellular wide area network (cellular WAN). The PAN includes a wearable user equipment (UE-W) and a user equipment aggregation node (UE-AN). The UE-W includes processing circuitry to process data for communication with a network of the WAN through the UE-AN, and radio interface circuitry to communicate with the UE-AN through a first radio interface. The UE-AN includes processing to process the data for communication between the network of the WAN and the UE-W, and radio interface circuitry to communicate through the first radio interface with the network of the WAN and through a second radio interface with the UE-W. The UE-W and the UE-AN can share a network credential and appear to the WAN as a single device.

Publication date: 09-10-2019

Methods and systems for connecting a wireless communications device to a deployable wireless communications network

Number: GB0002572723A

Methods and systems for connecting a wireless communications device (105) to a deployable wireless communications network (100). The method (400) includes receiving, from the wireless communications device (105) via a mobile management entity (130) (MME) configured to operate as an extensible authentication protocol (EAP) authenticator, an extensible authentication protocol packet. The method (400) further includes authenticating the wireless communications device (105) based on the extensible authentication protocol packet. The method (400) further includes establishing a first wireless connection between the wireless communications device (105) and a deployable subscription bootstrapping service (120) of the deployable wireless communications network (100). The method (400) further includes generating a subscription profile for the wireless communications device (105), and communicating the subscription profile to the wireless communications device (105) via the first wireless connection ...

Publication date: 15-07-2010

PROCEDURE FOR ENSURING THE SECURITY OF THE MEDIA STREAM IN AN IP MULTIMEDIA SUBSYSTEM

Number: AT0000471611T
Author: YAN JUN, YAN, JUN

Publication date: 07-09-2017

An electronic data sharing device and method of use

Number: AU2012282577B2
Assignee: Catalyst Intellectual Property

An electronic data sharing device for sharing user related information with users of other electronic data sharing devices, the electronic data sharing device comprising: a data exchange initiation device arranged to detect the initiation of a data exchange request; a tag generation module configured to generate a tag in preparation for the initiation of a data exchange routine, a communication module configured to exchange the tag generated on the electronic data sharing device with a tag generated by a further electronic data sharing device, wherein the exchanged tags enable user related information associated with respective users of the electronic data sharing devices to be subsequently accessed via a communication means by users who have previously initiated the data exchange request, wherein the electronic data sharing device is configured to exchange the tags in order to provide subsequent access to the user related information without requiring, before use of the device, any user ...

Publication date: 14-01-2016

METHOD AND SYSTEM FOR AUTHENTICATING A USER

Number: CA0002991333A1

The invention relates to a method and system for authenticating a user (1), wherein an application (3) transmits a query (18) comprising identification data to an authentication service (8), the authentication service (8) determines the address of a mobile terminal (10) linked to the user (1) on the basis of the identification data and transmits a request (20) comprising a transaction identifier to the mobile terminal (10), the mobile terminal (10) performs a query (21) for input of a biometric security feature, grants access to a private key (13) saved on the mobile terminal (10) upon input (22) of a valid security feature, signs the transaction identifier using the private key (14) and transmits the signed transaction identifier back to the authentication service (8), the authentication service (8) verifies the signature of the signed transaction identifier and, in the case of the presence of an authentic signature, transmits a confirmation (26) of the query (18) back to the application ...

Publication date: 19-07-2016

KEY GENERATION IN A COMMUNICATION SYSTEM

Number: CA0002862069C
Assignee: QUALCOMM INCORPORATED, QUALCOMM INC

A communication system generates a Master Session Key (MSK) for accesses to a system entity that does not provide encryption to traffic. Both the home server and the user generate the same MSK. The MSK is used to generate encryption keys for traffic. In one embodiment the MSK is generated using a hashing function and information specific to the requestor. The home server determines the need to generate the MSK based on information contained in an access request message. Once generated, the MSK is provided to the system entity to enable the entity to encrypt communications.

Publication date: 17-01-2013

AN ELECTRONIC DATA SHARING DEVICE AND METHOD OF USE

Number: CA0002878751A1

An electronic data sharing device for sharing user related information with users of other electronic data sharing devices, the electronic data sharing device comprising: a data exchange initiation device arranged to detect the initiation of a data exchange request; a tag generation module configured to generate a tag in preparation for the initiation of a data exchange routine, a communication module configured to exchange the tag generated on the electronic data sharing device with a tag generated by a further electronic data sharing device, wherein the exchanged tags enable user related information associated with respective users of the electronic data sharing devices to be subsequently accessed via a communication means by users who have previously initiated the data exchange request, wherein the electronic data sharing device is configured to exchange the tags in order to provide subsequent access to the user related information without requiring, before use of the device, any user ...

Publication date: 24-10-2017

Key synchronization mechanism for wireless LAN (WLAN)

Number: BRPI0412722B1

Publication date: 17-11-2020

Method and apparatus for authenticating UE between heterogeneous networks in wireless communication system

Number: US0010841302B2
Assignee: LG ELECTRONICS INC., LG ELECTRONICS INC

A method for performing a security procedure by a terminal in a wireless communication system, and an apparatus thereof. The method includes transmitting a first access request message for accessing a first network of a core network to a first radio access network (RAN) node, performing an authentication procedure for mutual authentication with a node performing an authentication server function (AUSF) of the core network, generating a common key commonly used in one or more networks included in the core network based on an authentication vector obtained through the mutual authentication procedure, generating a first base key of the first network based on the common key and a network code corresponding to a type of the first network, and receiving an access accept message indicating an access accept of the first network from the first RAN node.

Publication date: 01-12-2020

Security protection negotiation method and network element

Number: US0010856141B2

A security protection negotiation method and a network element are disclosed, to implement, based on a 5G network architecture, negotiation between UE and a UPF to start user plane security protection for a current session. The method includes: determining, by an SMF, security protection information used on a user plane in a current session process; sending, by the SMF to UE, a first message including the security protection information used on the user plane; performing, by the UE, integrity protection authentication on the first message based on the security protection information used on the user plane; when the authentication performed by the UE on the first message succeeds, starting, by the UE, user plane security protection, and sending, to the SMF, a second message used to indicate that the authentication performed by the UE on the first message succeeds.

Publication date: 29-12-2020

Method and apparatus for refreshing the security keys of a subset of configured radio bearers

Number: US0010880737B2
Assignee: Motorola Mobility LLC, MOTOROLA MOBILITY LLC

A method and apparatus for refreshing the security keys of a subset of configured radio bearers including less than all of the currently configured radio bearers is provided. An indication is received from a network entity to release one or more radio bearers from the subset of configured radio bearers for which the refresh of security keys is desired. A new radio bearer is added for each of the one or more radio bearers being released. Each of the new radio bearers is added with new security keys.

Publication date: 25-06-2020

MEMORY DEVICE AND MANAGED MEMORY SYSTEM WITH WIRELESS DEBUG COMMUNICATION PORT AND METHODS FOR OPERATING THE SAME

Number: US20200204991A1

A memory device implements a method of communication over a wireless medium utilizing an antenna embedded in the memory device. The memory device includes a wireless component that authenticates an external device by verifying a credential structure received from the external device over the wireless medium, responds to a request for a secure communication channel from the external device with a symmetric key, establishes the secure communication channel with the debugging device over the wireless medium, and services requests from the external device to access debugging, testing, and diagnostics data of the memory device.

Publication date: 29-12-2022

APPLIANCE, SYSTEM AND METHOD FOR INFORMATION MANAGEMENT IN DENTISTRY

Number: US20220417741A1
Author: Markus HIRSCH
Assignee: Hirsch Dynamics Holding AG

A device comprising an orthodontic or dental appliance for use with a system for information management in dentistry, a system for storing and managing dentistry data such as information about an orthodontic or dental treatment of a person using a private network and a method for information management in dentistry are described.

Publication date: 10-10-2008

METHOD FOR GENERATING AND DISTRIBUTING CRYPTOGRAPHIC KEYS IN A MOBILE COMMUNICATION SYSTEM AND CORRESPONDING MOBILE COMMUNICATION SYSTEM

Number: RU2335866C2

The invention relates to the field of mobile communications. The technical result is improved cryptographic protection of the mobile communication system. The essence of the invention is that the mobile communication terminal and a computer of the home communication network each generate, using authentication key material, a first cryptographic key and a second cryptographic key. The first cryptographic key is transmitted to a computer of the visited communication network, and the second cryptographic key is transmitted to an application server computer. 2 independent and 13 dependent claims, 3 figures.

Publication date: 10-10-2022

KEY GENERATION METHOD, USER EQUIPMENT, DEVICE, COMPUTER-READABLE STORAGE MEDIUM AND COMMUNICATION SYSTEM

Number: RU2781250C2

The invention relates to the field of communications. The technical result consists in generating a unified anchor key for different access modes and in separating the anchor keys of different access modes from the lower-layer key generated on the basis of the anchor key. This result is achieved in that the user equipment generates an intermediate key based on the cipher key CK, the integrity key IK and an indication identifier; the user equipment generates an anchor key based on the intermediate key; the user equipment obtains a lower-layer key Kamf based on the anchor key; and the user equipment obtains a base station key KgNB based on Kamf. 7 independent and 40 dependent claims, 26 figures.

Publication date: 16-03-2018

Number: RU2016136708A3

Publication date: 20-12-2011

METHOD AND DEVICE FOR GENERATING A CRYPTOSYNC PARAMETER

Number: RU2437239C1

The invention relates to telecommunication technologies, namely to a method and a device for generating a cryptosync parameter. The technical result is reduced overhead for transmitting the cryptosync parameter. The technical result is achieved in that the cryptosync parameter is generated from fields associated with: segmentation of a data packet; a stream relating to transmission of the data packet; and a count of the route relating to transmission of the data packet. At least one of the fields has a variable length. 3 independent and 15 dependent claims, 5 figures.

Publication date: 17-09-2014

Signalling in dual connectivity mobile communication networks

Number: GB0201413798D0

Publication date: 01-02-2023

Waking up a device

Number: GB0002609242A

Method and system for communicating between a device and a server, the method comprising the steps of the server initiating device wake-up, obtaining generic bootstrapping architecture, GBA, push information, GPI, including security credentials or information used to derive the security credentials, sending a device wake-up message to the device, wherein the device wake-up message includes the GPI, authenticating the security credentials within the GPI to obtain a key and establishing a secure communication channel between the device and the server using the obtained key, wherein the secure communication channel uses a certificate-based protocol and the obtained key is used in place of certificate authentication. The wake-up message may be an SMS message. The device may be an M2M or IoT device ...

Publication date: 31-08-2017

PLATFORM FOR COMPUTING AT THE MOBILE EDGE

Number: CA0003015632A1

Disclosed is a platform for providing computational resources at and/or near a mobile network perimeter. The platform may be used to provide computational resources adjacent a small cell radio via at least one Mobile Edge Compute ("MEC") Appliance and at least one MEC Controller. The MEC Appliance can serve as the data plane to support data flow traffic. The MEC Controller can provide a micro-services architecture designed for resiliency, scalability, and extensibility. The platform can be used to de-centralize the mobile network operator's core network and/or associated macro-cell network topologies, generating a platform with enhanced flexibility, reliability, and performance. The platform can include a security architecture for effective privacy and access within a distributed topology of the network at and/or near the edge of the mobile network perimeter.

Publication date: 16-01-2010

Method for distributed identification, a station in a network

Number: TW0201004268A

The present invention relates to a method for identifying and/or, authenticating, and/or authorizing a first radio station in a radio network, comprising the steps of (a) at the first radio station, transmitting to a second radio station a first radio station identifier computed from a set of identity parameters based on the identity of the first radio station, comprising at least one identity parameter, (b) at the first radio station, transmitting at least one identity parameter from the set of identity parameters, (c) at the second radio station, comparing an authentication identifier computed on the basis of the transmitted identity parameter to the first radio station identifier for enabling a subsequent communication between the first and second radio stations.

Publication date: 07-03-2006

Secure roaming between wireless access points

Number: BRPI0408619A

Publication date: 07-09-2021

Technologies for internet of things key management

Number: US0011115193B2
Assignee: Intel Corporation, INTEL CORP, INTEL CORPORATION

Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.

Publication date: 03-05-2007

Wireless LAN security system and method

Number: US2007098176A1
Author: SONG JEONG-KI

A wireless LAN security system and method. The system includes a separate server managing an encryption key and an authentication certificate used for security, and providing the encryption key and the authentication certificate to an apparatus that requests them. Such apparatus including a wireless LAN terminal requesting the encryption key and the authentication certificate from the key management server and receiving them, and a wireless LAN access point requesting the encryption key and the authentication certificate from the key management server and receiving them. Accordingly, a user does not have to directly input the encryption key and the authentication certificate. Thus, a data protection level in wireless transmission and a security level of user authentication can be enhanced.

Publication date: 22-01-2019

Method and system for charging information recording in device to device (D2D) communication

Number: US0010187531B2

Embodiments herein provide a method and system of reporting a charging information for a Device-to-Device (D2D) communication established using a wireless network. The method includes recording by a first electronic device the charging information associated with a D2D communication session. The D2D communication session is established between the first electronic device and a second electronic device. Further, the method includes determining by the first electronic device whether the charging information meets charging criteria during the D2D communication session. The charging criteria are generated by a network node in a secure environment of the first electronic device. Further, the method includes reporting the charging information to the network node in the wireless network in response to determining that the charging information meets the charging criteria.

Publication date: 26-12-2017

Method for securing a private key

Number: US0009853813B2

Systems and methods are provided for securing a private key on a mobile device for use with public key cryptography. Specifically, a private key is reduced to two partial keys where the partial keys are stored on separate electronic devices. The partial keys combine to temporarily regenerate the private key for the purposes of notarizing (digitally signing) messages or documents, and decrypting a message or document that was encrypted using the corresponding public key. The partial keys in some embodiments may be a secret key, which can be derived from an account identifier and a password, and an exclusive key, which can be derived from the secret key and the private key. The private key can be regenerated from the secret key and the exclusive key. With the partial keys stored on separate devices, another layer of practical security is provided to public key cryptography.

Publication date: 30-01-2018

Apparatus and method for mobility procedure involving mobility management entity relocation

Number: US0009883385B2
Assignee: QUALCOMM Incorporated, QUALCOMM INC

A device that identifies entry into a new service area, transmits a service area update request to a network device associated with a network, receives a control plane message from the network indicating control plane device relocation or a key refresh due to a service area change in response to transmitting the service area update request, and derives a first key based in part on data included in the control plane message and a second key shared between the device and a key management device. Another device that receives a handover command from a network device associated with a network, the handover command indicating a new service area, derives a first key based on data included in the handover command and on a second key shared between the device and a key management device, and sends a handover confirmation message that is secured based on the first key.

Publication date: 23-02-2023

Key Change Notification for Authentication and Key Management for Applications

Number: US20230054571A1

A method performed by a first network node includes transmitting a first subscription request message indicating a request to subscribe to receive notification of changes in an authentication status of a wireless device. A first notification message is received. The first notification message includes an indication of a change in the authentication status of the wireless device.

Publication date: 18-05-2023

Bluetooth Networking Method for Electronic Device and Related Device

Number: US20230156466A1
Author: Yuhua Shu

The method includes a gateway device sending a first authentication request and a second authentication request to a first device. The gateway device obtains a third authentication request from the first device, where the third authentication request is used by the gateway device to verify the first device based on the first identification code and third authentication information. The gateway device sends a fourth authentication request to the first authentication server. The gateway device obtains first confirmation information, second confirmation information, third confirmation information, and fourth confirmation information, and establishes a communication connection between the first device and the gateway device based on all the confirmation information.

Publication date: 10-09-2008

KEY GENERATION IN A COMMUNICATION SYSTEM

Number: RU2333607C2

The invention relates to interworking for a communication system. The communication system generates a master session key (MSK) for access to a system entity that does not provide encryption of the data traffic. Both the home server and the user generate the same MSK. The MSK is used to generate encryption keys for the data traffic. In one embodiment, the MSK is generated using a hash function and information specific to the requestor. The home server determines the need to generate the MSK based on information contained in the access request message. Once generated, the MSK is provided to the system entity to enable the entity to encrypt communications. The technical result is enabling common authentication for access to both the cellular communication system and the WLAN. 3 independent and 9 dependent claims, 6 figures.

Publication date: 23-02-2004

SECURITY SYSTEM FOR APPARATUSES IN A NETWORK

Number: AU2003246999A1

Publication date: 19-08-2021

Mobility enforcement in connected wireless state

Number: AU2019423293A1

Techniques to achieve near zero millisecond mobility of wireless terminals are described. In one example method, a wireless terminal receives a radio resource control message from a source node. The message indicates the use of a simultaneous connectivity mobility of the wireless terminal during a mobility procedure from the source node to a target node. The wireless terminal performs the mobility procedure based on the control message.

Publication date: 29-11-2018

UPLINK SMALL DATA TRANSMISSION IN INACTIVE STATE

Number: CA0003059997A1
Assignee: SMART & BIGGAR LLP

Certain aspects of the present disclosure relate to methods and apparatus for optimizing delivery of a data to and/or from a UE in a connected but inactive state.

Publication date: 06-10-2010

SIMPLIFIED SECURE SYMMETRICAL KEY MANAGEMENT

Number: CA0002698942A1

Nodes of a network are each provided with a seed value and a seed identifier. Each seed value has a corresponding unique seed identifier which is maintained within the system. Within each authorized node, the seed value is combined with a local node identifier, such as a serial number or other unique identifier, to form a cryptographic key that is then used by the node to encrypt and/or decrypt data transmitted and received by that node. The cryptographic key is never transmitted over the network, and each node is able to create a different cryptographic key for use in communicating with other nodes.

Publication date: 29-01-2013

SIMPLIFIED SECURE SYMMETRICAL KEY MANAGEMENT

Number: CA0002698942C
Assignee: ELSTER SOLUTIONS, LLC, ELSTER SOLUTIONS LLC

Nodes of a network are each provided with a seed value and a seed identifier. Each seed value has a corresponding unique seed identifier which is maintained within the system. Within each authorized node, the seed value is combined with a local node identifier, such as a serial number or other unique identifier, to form a cryptographic key that is then used by the node to encrypt and/or decrypt data transmitted and received by that node. The cryptographic key is never transmitted over the network, and each node is able to create a different cryptographic key for use in communicating with other nodes.

Publication date: 10-12-2013

METHOD AND APPARATUS FOR GENERATING A CRYPTOSYNC

Number: CA0002695011C
Assignee: QUALCOMM INCORPORATED, QUALCOMM INC

A method and apparatus for generating a cryptosync is disclosed that generates a cryptosync with the desired variability without the overhead in complexity and size of prior cryptosyncs. The cryptosync is generated from a combination of fields including fields relating to the segmentation and reassembly of the data packets at a transmitting terminal and a receiving terminal. The resultant cryptosync does not repeat during the use of a particular security key.

Publication date: 26-02-2009

METHOD AND APPARATUS FOR GENERATING A CRYPTOSYNC

Number: CA0002695011A1

A method and apparatus for generating a cryptosync is disclosed that generates a cryptosync with the desired variability without the overhead in complexity and size of prior cryptosyncs. The cryptosync is generated from a combination of fields including fields relating to the segmentation and reassembly of the data packets at a transmitting terminal and a receiving terminal. The resultant cryptosync does not repeat during the use of a particular security key.

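Publication date: 05-12-2022

Method and apparatus for providing AKMA service in a wireless communication system

Number: KR20220159991A

... According to an embodiment of the present disclosure, a method performed by an AAnF (AKMA anchor function) in a wireless communication system is provided. The method may include: receiving, from an AF (application function), a message requesting an AKMA (authentication and key management for applications) application key for a user equipment (UE); checking, based on a local policy, whether the AAnF is to provide the AKMA service to the AF; and determining, based on a result of the checking, whether to derive the requested AKMA application key for the UE.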

Publication date: 03-08-2017

SIGNALING IN DUAL CONNECTIVITY MOBILE COMMUNICATION NETWORKS

Number: US20170222876A1

There is disclosed a method of a User Equipment, UE, in a 3rd Generation Partnership Project, 3GPP, compliant mobile communications network supporting dual connectivity, and a corresponding UE. The method comprises detecting a signalled reconfiguration procedure of a Data Radio Bearer, DRB, having or changing to a DRB type in which downlink, DL, data is received from only serving cells of a Secondary Cell Group, SCG, connected to a Secondary eNB, SeNB, via an SCG DRB, or in which DL data is received from a SCG and also from serving cells of a Master Cell Group, MCG, connected to a Master eNB, MeNB, via a split DRB. If a DRB reconfiguration procedure type including one or more of: a handover; an SCG change; and DRB type change; is detected, the method further comprises: deciding one or more required layer 2 DRB-related actions resulting from the DRB reconfiguration based on: the initial DRB configuration; the final DRB configuration; and relevant DRB reconfiguration procedure types; and ...

Publication date: 04-11-2021

MOBILITY ENFORCEMENT IN CONNECTED WIRELESS STATE

Number: US20210345195A1

Techniques to achieve near zero millisecond mobility of wireless terminals are described. In one example method, a wireless terminal receives a radio resource control message from a source node. The message indicates the use of a simultaneous connectivity mobility of the wireless terminal during a mobility procedure from the source node to a target node. The wireless terminal performs the mobility procedure based on the control message.

Publication date: 29-11-2018

METHOD AND APPARATUS FOR AUTHENTICATING UE BETWEEN HETEROGENEOUS NETWORKS IN WIRELESS COMMUNICATION SYSTEM

Number: US20180343249A1
Assignee: LG ELECTRONICS INC.

A method for performing a security procedure by a terminal in a wireless communication system, and an apparatus thereof. The method includes transmitting a first access request message for accessing a first network of a core network to a first radio access network (RAN) node, performing an authentication procedure for mutual authentication with a node performing an authentication server function (AUSF) of the core network, generating a common key commonly used in one or more networks included in the core network based on an authentication vector obtained through the mutual authentication procedure, generating a first base key of the first network based on the common key and a network code corresponding to a type of the first network, and receiving an access accept message indicating an access accept of the first network from the first RAN node.

Publication date: 09-01-2024

Techniques for decoupling authentication and subscription management from a home subscriber server

Number: US0011871479B2

Techniques are described to provide for authentication and subscription management that are decoupled from a Home Subscriber Server (HSS). In one example, a method includes providing a device profile at an authentication function, wherein the device profile comprises identification information for a device for a plurality of access types including a first identifier for the device associated with a cellular access and a second identifier for the device associated with a wireless local area network access; obtaining an access request message associated with the device for the cellular access, wherein the access request message comprises the first identifier and an authentication attribute; generating authentication information for authenticating the device for the cellular access based, at least in part, on the authentication attribute; and generating, for transmission, an access accept message for the cellular access, wherein the access accept message comprises the first identifier, the ...

Publication date: 10-10-2018

Platform for computing at the mobile edge

Number: GB0201813735D0

Publication date: 28-02-2019

Access stratum security for efficient packet processing

Number: AU2017332769A1
Assignee: Madderns Pty Ltd

Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.

Publication date: 12-01-2012

Method and system for transmitting delay media information in ip multimedia subsystem

Number: US20120011368A1
Assignee: ZTE Corp

The present invention provides a method and a system for transmitting delay media information in an IP multimedia subsystem, the system includes: a sending party of media information, a receiving party of the media information, a KMS and a mailbox server of the receiving party of the media information. The method and system of the present invention establishes an end-to-end security association between the sending party and the receiving party of the media information to encrypt the media information between them, without any need for the KMS to store the media key; at the same time, the security association is also established between the sending party and the mailbox server of the receiving party, and between the mailbox server of the receiving party and the receiving party, to perform an integrity protection and a mutual authentication between them, thus the security transmission of the IMS delay media information can be realized.

Publication date: 26-01-2012

Method for acquiring information for media independent handover

Number: US20120020329A1
Assignee: LG ELECTRONICS INC

This document is related to a method for acquiring information for media independent handover. More specifically the method comprises: submitting a media independent handover (MIH) query to a base station (BS) by sending a first request message, and receiving a response to the MIH query. Because the first request message is used for authorization, preferably the PKM message, the MS can acquire information for handover between heterogeneous networks before the MS finishes the network entry.

Publication date: 08-03-2012

Method and system for optimizing authentication procedures in media independent handover services

Number: US20120057706A1
Author: Anirudh Bhatt
Assignee: SAMSUNG ELECTRONICS CO LTD

A method and system for establishing security association mechanism between a Mobile Node (MN) and a plurality of Point of Services (PoS) are provided. The method includes sending a first request from primary PoS to secondary PoS. The primary PoS then receives a first response along with a derived first key. The first key is derived at the secondary PoS. The method further includes receiving a second request from the MN at the primary PoS. The method then derives a second key based on a MN identity and the derived first key. Thereafter, the method sends a second response along with a second key from the primary PoS to the MN. Further, the method establishes communication between the MN and secondary PoS based on the second key received by the MN and the second key generated at the secondary PoS.

Publication date: 21-06-2012

Evolved Packet System Non Access Stratum Deciphering Using Real-Time LTE Monitoring

Number: US20120159151A1
Assignee: Tektronix Inc

A monitoring system is coupled to interfaces in an LTE network and passively captures packets from the network interfaces. First data packets associated with an authentication and key agreement procedure are captured on a first interface. Second data packets associated with the authentication and key agreement procedure are captured on a second interface. Individual ones of the first data packets are correlated to individual ones of the second data packets based upon a same parameter. An authentication vector table is created comprising information from the correlated first data packets and second data packets, wherein entries in the table comprise authentication data for a plurality of security contexts. A cipher key is identified to decipher additional packets for the user. The cipher key can also be identified in case of Inter Radio Access Technology Handover by the user equipment.

Publication date: 26-07-2012

Security feature negotiation between network and user terminal

Number: US20120190343A1
Assignee: Telefonaktiebolaget LM Ericsson AB

A Mobile Station (MS), a Base Station System (BSS) and a Mobile Switching Centre (MSC) of a cellular network, such as GSM, are disclosed. According to one embodiment, the MS is arranged to carry out one or more security features in its communication with the network. For example, the MS may be arranged to: by means of information received in a signalling message (0) from the network, discover if the network supports one or more of said security features; exchange information with the network in order to enable the use of one or more of the above-mentioned supported security features in the communication; and carry out at least one of the one or more of the supported security features in the communication with the network.

Publication date: 09-08-2012

Authentication method and apparatus in a communication system

Number: US20120204027A1
Assignee: SAMSUNG ELECTRONICS CO LTD

An authentication method and apparatus in a communication system are provided. In a method for authenticating a first node at a second authentication server in a communication system comprising the first node registered to a first authentication server and a second node registered to the second authentication server, an authentication request message requesting authentication of the first node is received from the second node, the authentication request message is transmitted to the first authentication server, and upon receipt of an authentication success message indicating successful authentication of the first node from the first authentication server, the authentication success message is transmitted to the second node.

Publication date: 27-09-2012

Mobile communication method

Number: US20120244865A1
Assignee: NTT DOCOMO INC

A mobile communication method according to the present invention includes the steps of: transmitting, from a handover source radio base station to a switching center, a handover request including an NCC, a PCI and a K_eNB*; changing, at the switching center, the NCC, changing, at the switching center, the K_eNB* on the basis of the PCI, and transmitting, from the switching center to the handover target radio base station, the handover request including the changed NCC and the changed K_eNB*; generating, at the handover target radio base station, a first key on the basis of the K_eNB*; and generating, at the mobile station, the first key on the basis of the NCC and the PCI included in a handover command.

Publication date: 04-10-2012

Methods and apparatuses for avoiding damage in network attacks

Number: US20120254997A1
Assignee: Telefonaktiebolaget LM Ericsson AB

Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, ..., Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.

Publication date: 27-12-2012

Method and apparatus for tunneled direct link setup (tdls) for establishing basic service set

Number: US20120327851A1
Assignee: Qualcomm Inc

Certain aspects of the present disclosure relate to a technique for establishing a direct link between a pair of apparatuses (e.g., stations or access terminals), and setting up a basic service set of the apparatuses via the direct link. An apparatus in the pair can communicate with another apparatus in the pair through a device (e.g., an access point) in a first bandwidth, establish the direct link with the other apparatus in the first bandwidth, and communicate directly with the other apparatus in a second bandwidth different than the first bandwidth, wherein the apparatus and the other apparatus form the basic service set operating in the second bandwidth.

Publication date: 03-01-2013

Methods and Arrangements for Authorizing and Authentication Interworking

Number: US20130007846A1
Assignee: Telefonaktiebolaget LM Ericsson AB

This disclosure relates to a portable communication device and a network-side authorization server, and to methods therein. By splitting the functionality of an OAuth authorization server and moving the authorization endpoint into, for instance a mobile phone, an authorization server within the mobile phone is provided. This mobile phone authorization server does not need to communicate with the network-side for getting an authorization code or an access token.

Publication date: 21-02-2013

Using A Single Certificate Request to Generate Credentials with Multiple ECQV Certificates

Number: US20130046972A1
Assignee: Individual

A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.

Publication date: 28-03-2013

Method for Updating Air Interface Key, Core Network Node and Radio Access System

Number: US20130077785A1
Author: Chengyan Feng, LU Gan
Assignee: ZTE Corp

The disclosure discloses a method for updating an air interface key, a core network node and a radio access system, wherein the method for updating an air interface key comprises: a core network node receives a relocation complete indication message from a target RNC (S502), the relocation complete indication message is configured to indicate the successful relocation of User Equipment (UE) from a source RNC to the target RNC; the core network node uses the saved traditional key and the current enhanced key to calculate a next hop enhanced key (S504); the core network node sends the next hop enhanced key to the target RNC (S506). Through the disclosure, the forward security of users is guaranteed effectively, thus the communication security of the radio access system is improved overall.

Publication date: 25-04-2013

Wireless local area network (wlan) gateway system

Number: US20130103558A1
Assignee: REDKNEE INC

The present invention provides for a real-time authentication and billing gateway for WLAN traffic. Notably, the improved method for implementing a Wireless Local Area Network (WLAN) gateway system enables telecommunications network operators (and like entities) to rate and bill for services accessed by the wireless user. The logic of the invention supports and furthers the art in regard to advanced real-time rating/billing in addition to providing for a variety of replenishment mechanisms for casual users via pre-paid vouchers and credit cards.

Publication date: 30-05-2013

SYSTEM AND METHOD FOR PROVIDING SECURITY IN MOBILE WiMAX NETWORK SYSTEM

Number: US20130136262A1
Author: Tae-Shik Shon
Assignee: SAMSUNG ELECTRONICS CO LTD

A method for providing security between a radio access station and an access control router in a mobile microwave access network includes: receiving, by the radio access station and the access control router, the same certificate from a licensed certification authority; generating, by the access control router, an access service network traffic encryption key (asn_TEK); encrypting, by the access control router, a message to be transmitted with the generated asn_TEK and transmitting the encrypted message to the radio access station; verifying, by the radio access station, the certificate of the licensed certification authority appended to the message received from the access control router to check the asn_TEK, and decrypting the message received from the access control router to obtain an actual message; encrypting, by the radio access station, the actual message with the checked asn_TEK and transmitting the encrypted message to the access control router.

Publication date: 30-05-2013

Key setting method, node, and network system

Number: US20130138950A1
Assignee: Fujitsu Ltd

A key setting method executed by a node transmitting and receiving data through multi-hop communication in an ad-hoc network among multiple ad-hoc networks, includes detecting connection with a mobile terminal communicating with a server connected to a gateway in each ad-hoc network among the ad-hoc networks; transmitting by simultaneously reporting to the ad-hoc network, an acquisition request for a key for encrypting the data when the connection with the mobile terminal is detected at the detecting; receiving from the server via the mobile terminal, a key specific to a gateway and transmitted from the gateway to the server consequent to transfer of the simultaneously reported acquisition request to the gateway in the ad-hoc network; and setting the key specific to the gateway received at the receiving as the key for encrypting the data.

Publication date: 13-06-2013

Public key cryptography for applications requiring generic bootstrap architecture

Number: US20130149996A1
Assignee: VERIZON PATENT AND LICENSING INC

A mobile terminal is configured to store information associated with accessing an application that requires bootstrapping; recognize an invocation of the application; identify a rule, included in the information, associated with accessing the application; determine whether the rule indicates that a user of the mobile terminal is allowed to access the application; determine whether the mobile terminal supports the bootstrapping; and provide access to the application when the rule indicates that the user of the mobile terminal is allowed to access the application and when the mobile terminal supports the bootstrapping.

Publication date: 19-09-2013

Method and System for Secure Mobile File Sharing

Number: US20130246558A1
Author: Steven V. Bacastow
Assignee: QuickVault Inc

A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.

Publication date: 10-10-2013

Method and Apparatuses for End-to-Edge Media Protection in an IMS System

Number: US20130268681A1
Assignee: Individual

An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.

Publication date: 16-01-2014

Systems and methods for facilitating conference calls using security keys

Number: US20140018043A1
Assignee: BlackBerry Ltd

Systems and methods are described that facilitate a conference call between a plurality of communication devices. The method may comprise: providing a first primary communication device; providing a second primary communication device; providing a conference call controller; establishing a first control link between the first primary communication device and the conference call controller; communicating first identification data between the first primary communication device and the conference call controller via the first control link; establishing a media link between the first and second primary communication devices via the conference call controller. In certain embodiments, the first identification data corresponds to at least one participation level of the first primary communication device with respect to the media link. The method may further comprise establishing a second control link between the second primary communication device and the conference call controller; communicating second identification data between the second primary communication device and the conference call controller via the second control link; wherein the second identification data establishes a participation level of the second primary communication device with respect to the media link.

Publication date: 23-01-2014

Mobile communication method, radio base station, mobile management node, and mobile station

Number: US20140024344A1
Assignee: NTT DOCOMO INC

A mobile communication method according to the present invention includes: a step of updating, by a radio base station eNB or a mobile management node MME, a key K_x to be used for transmission/reception of a data signal through an Ud interface or a predetermined parameter X for calculating the key K_x when the radio base station eNB or the mobile management node MME has received an “SN wrap indication” or a key update request signal from a mobile station UE#1 or a mobile station UE#2; a step of notifying, by the radio base station eNB or the mobile management node MME, the mobile station UE#1 and the mobile station UE#2 of the updated key K_x or the updated predetermined parameter X; and a step of continuing, by the mobile station UE#1 and the mobile station UE#2, transmission/reception of the data signal.

Publication date: 30-01-2014

Secure key distribution with general purpose mobile device

Number: US20140032903A1
Assignee: Honeywell International Inc

One embodiment is directed to a method for managing cryptographic information. The method includes initiating a cryptographic information loading application on a general purpose mobile device (GPMD) and establishing a connection between the GPMD and a server that includes cryptographic information. Authentication input is received from a user of the GPMD. Data identifying the GPMD and the authentication input is sent from the GPMD to the server for authentication of the GPMD and the user. The GPMD also sends data identifying an electronic device into which cryptographic information is to be loaded. In response, the GPMD receives cryptographic information for the electronic device at the GPMD from the server. The GPMD then sends the cryptographic information from the GPMD to the electronic device for loading therein.

Publication date: 27-02-2014

Peer-to-peer communication in ad hoc wireless network

Number: US20140056293A1
Assignee: Qualcomm Inc

For a peer-to-peer call in an ad hoc wireless network, a wireless device performs discovery of a target wireless device, performs authentication of the target wireless device and generates a session key (e.g., using a pre-shared key or a certificate provisioned on the wireless device), forms an ad hoc wireless network with the target wireless device, and communicates peer-to-peer with the target wireless device via the ad hoc wireless network. The wireless device may perform discovery with a list of identifiers for wireless devices designated to communicate with this wireless device. The wireless device may derive a service set identifier (SSID) used to identify the ad hoc wireless network based on its user-specific identifier (e.g., its phone number) and/or a user-specific identifier for the target wireless device. Other aspects, embodiments, and features are also claimed and described.

Publication date: 13-03-2014

Performing a group authentication and key agreement procedure

Number: US20140075509A1
Assignee: Nokia Oyj

Provided are a method, a corresponding apparatus and a computer program product for performing a group authentication and key agreement procedure. A method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure. With the claimed invention, the impact of the signaling overhead on a network can be significantly decreased without substantive modification to the existing architecture of the network.

Publication date: 03-04-2014

Mobile communication method and mobile management node

Number: US20140094145A1
Assignee: NTT DOCOMO INC

In an attach process executed as a relay node RN, the wasteful use of a resource is avoided. A mobile communication method according to the present invention includes a step of transmitting, by a radio base station DeNB, “(S1) Initial UE message” indicating the attach process executed as the relay node RN to a mobile management node MME in response to “Attach Request (RN)” received from the relay node RN having a secure channel established between the relay node RN and USIM-RN, a step of starting, by the mobile management node MME, “EPS-AKA” between the relay node RN and the USIM-RN in response to the “(S1) Initial UE message”, and a step of failing in the “EPS-AKA” when it is determined that the USIM-RN cannot be used for the attach process executed as the relay node RN.

Publication date: 06-01-2022

IN-VEHICLE CONTENT DELIVERY SYSTEM OPERABLE IN AUTONOMOUS MODE AND NON-AUTONOMOUS MODE

Number: US20220004600A1
Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in “autonomous mode” when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks.

1. A system for providing an in-vehicle content-delivery service to mobile consumer devices, the system comprising: one or more processors; one or more communication interfaces that are coupled to the one or more processors and that are configured to: (i) communicatively couple the content delivery system to one or more mobile consumer devices via an in-vehicle network for the vehicle, and (ii) communicatively couple the content delivery system to a license server that is external to the vehicle and that is configured to authorize or not authorize content-requests originating from the one or more mobile consumer devices; and (i) detect a loss of a connection between the content delivery system and the license server; (ii) respond to the detected loss by operating as a proxy for the license server, including performing an authorization operation to determine a particular content-request from a particular mobile consumer device is authorized; and (iii) transmit content to the particular mobile consumer device in response to determining that the particular content-request from the particular mobile consumer
...

Publication date: 06-01-2022

RADIO NETWORK NODE, NETWORK NODE AND METHODS FOR SETTING UP A SECURE CONNECTION TO THE USER EQUIPMENT (UE)

Number: US20220007183A1
Embodiments herein relate to e.g. a method performed by a network node for handling a communication of a user equipment, UE, in a wireless communication network. The network node transmits to a radio network node associated with the UE, a request message indicating a request for capability data for the UE, wherein the request message comprises a security indication, and wherein the security indication indicates data for setting up a secure connection to the UE.

1. A method performed by a network node for handling a communication of a user equipment, UE, in a wireless communication network, the method comprising: transmitting to a radio network node associated with the UE, a request message indicating a request for capability data for the UE, wherein the request message comprises a security indication, and wherein the security indication indicates data for setting up a secure connection to the UE.
2. The method according to claim 1, wherein the security indication comprises one or more security keys and/or UE Security Capability, and wherein the request message is a UE Capability check request message.
3. The method according to claim 1, wherein the request message is a match request requesting a response indicating whether voice over packet switched is supported or not by the UE and/or the radio network node.
4. The method according to claim 1, wherein the security indication is piggybacked to the request message.
5. The method according to claim 1, further comprising: receiving a capability indication for the UE in a match response, wherein the capability indication indicates a capability of the UE.
6. A method performed by a radio network node for handling a communication of a user equipment, UE, in a wireless communication network, the method comprising: receiving from a network node, a request message indicating a request for capability data for the UE, wherein the request message comprises a security indication, and wherein ...

Publication date: 13-01-2022

Secure Communication Using Device-Identity Information Linked To Cloud-Based Certificates

Number: US20220014524A1
Author: Brown Wendell, Klein Mark
Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products to manage storage of certificate information, including at least a public key and private key, in a manner associated with device-identity information and facilitate secure communication between a user device and a service provider device. A device-identity management system may be provided to receive a secure key request over a carrier network from a user device, the secure key request including device-identity information injected by a carrier device of the carrier network via header enrichment. The device-identity management system may retrieve, from a secured key storage, the private key associated with the device-identity information. The device-identity management system may transmit, from the device-identity management system to the user device over a secured network, secure key information based on the private key. The secure key information may be used for secure communication.

1. A device-identity management system configured to manage storage of certificate information in a manner associated with device-identity information and facilitate secure communication between a user device and a service provider device, the certificate information comprising at least a private key associated with the device-identity information, the device-identity management system comprising at least one processor and at least one memory, the at least one memory having computer-coded instructions therein, wherein the computer-coded instructions, when executed by the at least one processor, cause the device-identity management system to: receive, at the device-identity management system, from the user device, a secure key request indicative of access by the user device of a link configured by the service provider device in response to the service provider device receiving a request for services from the user device, the secure key request comprising at least device- ...

Подробнее
13-01-2022 дата публикации

Wireless Network Authentication by a Trusted Virtual Machine

Номер: US20220014917A1
Принадлежит: Intel Corporation

Systems and methods for a virtual machine executing on a host device to establish a secured wireless connection and control a wireless network device without being exposed to the wireless network credentials are provided. A supplicant proxy is provided at the virtual machine to route authentication requests generated at the virtual machine through a supplicant and receive session keys from the supplicant, where the supplicant is at another virtual machine executing on the host device and has access to the network credentials.

1. A method, comprising: generating, at a wireless network stack of a first virtual machine (VM) executing on a host device, an indication to authenticate a wireless data link established between the wireless network stack and a wireless access point via a wireless network device of the host device; sending the indication to authenticate the wireless data link to a supplicant of a second VM executing on the host device; receiving from the supplicant one or more session keys; and securing the wireless data link based on the one or more session keys.
2. The method of claim 1, comprising establishing the wireless data link.
3. The method of claim 1, comprising sending the indication to authenticate the wireless data link to the supplicant via a supplicant proxy of the first VM.
4. The method of claim 3, comprising sending the indication to authenticate the wireless data link to the supplicant via the supplicant proxy of the first VM and a supplicant proxy of the second VM.
5. The method of claim 1, wherein the indication to authenticate the wireless data link comprising an extensible authentication protocol (EAP) frame.
6. The method of claim 5, wherein the wireless data link is established based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard and wherein the EAP frame is generated based on the IEEE 802.1X standard.
7. A computing apparatus comprising: a wireless network device; a processor; and generate, at a wireless ...

Publication date: 01-01-2015

Secure execution and update of application module code

Number: US20150007262A1
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION

A dynamic root of trust can be injected in an application module on a client device using a backend server and can be continuously monitored to ensure authenticity, integrity and confidentiality at load time, run time and update time of the application module. The dynamic root of trust can be updated directly from the backend server and can be used to establish a time bound trust chain for the other software modules loaded and executed as part of the application module.

Publication date: 02-01-2020

Connectivity and feedback techniques for wireless broadcast services

Number: US20200008095A1
Assignee: Qualcomm Inc

This disclosure provides systems, devices, apparatus and methods, including computer programs encoded on storage media, for broadcast services feedback techniques. Several broadcast connectivity and feedback techniques are described. A broadcast connectivity protocol may be used by different types of wireless communication devices (such as an access point (AP) and station (STA)) to provide or access broadcast services. A security protocol or enhancement to the broadcast connectivity protocol may provide source authentication or verification for broadcast transmissions. The broadcast services feedback techniques can enable an AP to obtain feedback from one or more STAs. In some implementations, a negative acknowledgement (NACK) scheme may be used to efficiently obtain feedback from multiple STAs. The broadcast connectivity and feedback techniques may be used by a STA that does not have a wireless association with the AP. The techniques may be useful in servicing multiple STAs in an environment.

Publication date: 20-01-2022

SYSTEM AND METHOD FOR PROVIDING NETWORK SUPPORT SERVICES AND PREMISES GATEWAY SUPPORT INFRASTRUCTURE

Number: US20220021552A1
Assignee:

A service management system communicates via wide area network with gateway devices located at respective user premises. The service management system remotely manages delivery of application services, which can be voice controlled, by a gateway, e.g. by selectively activating/deactivating service logic modules in the gateway. The service management system also may selectively provide secure communications and exchange of information among gateway devices and among associated endpoint devices. An exemplary service management system includes a router connected to the network and one or more computer platforms, for implementing management functions. Examples of the functions include a connection manager for controlling system communications with the gateway devices, an authentication manager for authenticating each gateway device and controlling the connection manager and a subscription manager for managing applications services and/or features offered by the gateway devices. A service manager, controlled by the subscription manager, distributes service specific configuration data to authenticated gateway devices.

1-22. (canceled)

23. A management device for operation at a user premises to provide local application services for a plurality of endpoint devices at the user premises, the management device comprising: at least one processor; one or more interfaces operably coupled to the at least one processor and configured to enable (1) local, bi-directional communication with the plurality of endpoint devices that is located at the user premises and (2) communication with a service provider remote from the user premises; and receive user command data from a control device at the user premises, wherein the control device is separate from the plurality of endpoint devices; operate the one or more interfaces to deliver at least a portion of content based on the user-command data, via the at least one local application, to at least one endpoint device of the plurality of ...

Publication date: 08-01-2015

Mapping special subframes in a wireless communication network

Number: US20150009870A1
Assignee: Intel IP Corp

Methods, apparatuses, and systems are described related to mapping special subframes in a wireless communication network. In embodiments, an eNB may assign demodulation reference signals (DM-RSs) and/or cell-specific reference signals (CRSs) to a downlink pilot time slot (DwPTS) of a special subframe responsive to a determined configuration of the special subframe. In embodiments, an eNB may bundle the DwPTS or an uplink pilot time slot (UpPTS) of the special subframe with another subframe for scheduling. In embodiments, a UE may estimate a channel associated with the special subframe based on DM-RSs and/or CRSs transmitted in another subframe. In embodiments, an eNB may exclude the DwPTS from scheduling for certain special subframe configurations if a new carrier type (NCT) is used. In embodiments, an eNB may exclude certain special subframe configurations from use for NCT communications. Other embodiments may be described and claimed.

Publication date: 20-01-2022

METHOD AND APPARATUS FOR TRANSMITTING PUBLIC SAFETY WARNING MESSAGES OVER NON-3GPP ACCESS NETWORKS IN WIRELESS COMMUNICATION SYSTEM

Number: US20220022018A1
Assignee:

The present disclosure relates to a pre-5-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond 4-generation (4G) communication system such as long term evolution (LTE). Embodiments herein disclose a method for transmitting public safety warning messages over a non-3GPP access network. The method includes receiving, by an Access and Mobility Management Function (AMF) entity of the 3GPP system, at least one public safety warning message from a Cell Broadcast Entity (CBE) and transmitting, by the AMF entity of the 3GPP system, at least one public safety warning message to a Non-3GPP Interworking Function (N3IWF) interface entity of the 3GPP system, where the N3IWF interface entity connects the AMF entity to the non-3GPP access network. Further, the method includes transmitting, by the N3IWF interface entity of the 3GPP system, the at least one public safety warning message to at least one User Equipment (UE) over the non-3GPP access.

1. A method performed by an access and mobility management function (AMF) entity (160) for transmitting public safety warning messages over a non-3GPP access network using a 3GPP system (100a), the method comprising: receiving, by an access and mobility management function (AMF) entity (160) of the 3GPP system (100a), at least one public safety warning message from a cell broadcast entity (CBE) (120); and transmitting, by the AMF entity (160) of the 3GPP system (100a), at least one public safety warning message to a Non-3GPP interworking function (N3IWF) interface entity (180) of the 3GPP system (100a).

2. The method of claim 1, wherein the CBE (120) routes the at least one public safety warning message to the AMF entity (160) of the 3GPP system (100a) through a cell broadcast center (CBC) (140).

3. The method of claim 1, wherein the public safety warning messages are ...

Publication date: 20-01-2022

FAST BASIC SERVICE SET TRANSITION FOR MULTI-LINK OPERATION

Number: US20220022033A1
Assignee:

This disclosure provides methods, devices and systems that facilitate mobility of wireless communication devices configured for multi-link operation (MLO). Particular aspects more specifically relate to facilitating fast basic service set (BSS) transitions by wireless communication devices that support MLO. For example, some aspects provide support for station (STA) multi-link device (MLD) roaming between access point (AP) MLDs, from an AP MLD to a non-MLO AP, or from a non-MLO AP to an AP MLD. In some aspects, a STA MLD may be configured to use a medium access control (MAC) service access point address (MAC-SAP address) of the AP MLD when re-associating or communicating with a legacy AP or with an AP MLD. In such aspects, the MAC-SAP address may be used by all STAs of the non-AP MLD for fast BSS transitions.

1. A method for wireless communication by a non-access point (non-AP) multi-link device (MLD), the method comprising: transmitting, by a first station of a plurality of stations of the non-AP MLD to a first AP MLD, an initial association request to initiate an association between the non-AP MLD and the first AP MLD; receiving, from the first AP MLD, a first response to the initial association request from the first AP MLD indicating establishment of a secret key shared by the non-AP MLD and the first AP MLD; generating a first pairwise master key (PMK) based on the secret key; transmitting, by a second station of the plurality of stations of the non-AP MLD to a first target AP, a first reassociation request based on the first response to the initial association request; generating a second PMK based on the first PMK, a medium access control service access point (MAC-SAP) address that uniquely identifies the non-AP MLD in a wireless local area network (WLAN), and a medium access control (MAC) address of the first target AP; receiving, from the first target AP, a second response to the first reassociation request, the second response to the first reassociation request ...

Publication date: 20-01-2022

COMMUNICATION APPARATUS, COMMUNICATION METHOD, PROGRAM, AND STORAGE MEDIUM

Number: US20220022034A1
Author: Tachibana Hideaki
Assignee:

Identification information indicates that a communication parameter to be provided in accordance with a Device Provisioning Protocol standard is a communication parameter that allows connection processing compliant with an Institute of Electrical and Electronics Engineers 802.11r standard. The identification information is set in an Authentication and Key Management field, and the communication parameter that allows connection processing compliant with the Institute of Electrical and Electronics Engineers 802.11r standard is provided.

1. A communication apparatus comprising: a setting unit configured to set first identification information in an Authentication and Key Management field, the first identification information indicating that a communication parameter to be provided in accordance with a Device Provisioning Protocol standard is a first communication parameter allowing connection processing compliant with an Institute of Electrical and Electronics Engineers 802.11r standard; and a transmitting unit configured to transmit a frame to another communication apparatus, the frame including the Authentication and Key Management field having therein the first identification information set by the setting unit and the first communication parameter.

2. The communication apparatus according to claim 1, further comprising an acquiring unit configured to acquire information from the other communication apparatus, the information indicating that the other communication apparatus performs connection processing compliant with the Institute of Electrical and Electronics Engineers 802.11r standard, wherein the setting unit sets the first identification information in the Authentication and Key Management field in a case where the acquiring unit acquires the information indicating that the other communication apparatus performs connection processing compliant with the Institute of Electrical and Electronics Engineers 802.11r standard.

3. The communication ...

Publication date: 27-01-2022

AUTHENTICATION AND AUTHORIZATION IN PROXIMITY BASED SERVICE COMMUNICATION USING A GROUP KEY

Number: US20220029975A1
Assignee: NEC Corporation

A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device which sends a request of a communication and a receiving device which receives the request from the requesting device, the method including deriving session keys Kpc and Kpi from a unique key Kp at the requesting and receiving devices, using the session keys Kpc and Kpi for ProSe communication setup and direct communication between the requesting and receiving devices, starting the direct communication with the requesting and receiving devices. The key Kpc is a confidentiality key and the key Kpi is an integrity protection key.

1. A first User Equipment (UE) for direct communication, the first UE comprising: at least one processor; and at least one memory coupled to the at least one processor, the at least one memory storing instructions that, when executed by the at least one processor, cause the at least one processor to: receive, from a network node, a message including a group key, receive, from a second UE, an identifier related to the group key, wherein the identifier is received by the second UE from the network node, identify the group key based on the identifier, derive a first key and a second key based on the identified group key, and perform the direct communication with the second UE, the direct communication being protected by the first key and the second key.

2. The first UE according to claim 1, wherein the first key or the second key is an encryption key.

3. The first UE according to claim 1, wherein the UE and the second UE support Proximity Services (ProSe).

4. The first UE according to claim 1, wherein the UE and the second UE get an authorization from a network including at least a Proximity Services (ProSe) Function and a ProSe application server.

5. A communication method of a first User Equipment (UE) for direct communication, the communication method comprising: receiving, from a network node, a ...

Publication date: 27-01-2022

Secure pairing of devices

Number: US20220030420A1
Author: Jack Wong
Assignee: Motorola Solutions Inc

A process for securely pairing devices. A host device receives an input indicating a user credential for logging into the host device and initiates a scanning process for discovering target devices available for pairing with the host device. During the scanning process, the host device receives wireless pairing information from a target device. The wireless pairing information includes a unique device identifier associated with the target device and an electronic signature generated as a function of a signature key stored at the target device and the unique device identifier. The host device compares the electronic signature with a run-time signature generated at the host device as a function of the user credential received at the host device and the unique device identifier. The host device then initiates a pairing process to establish a short-range communication link with the target device when the electronic signature matches with the run-time signature.

Publication date: 14-01-2016

Secure multi-party communication with quantum key distribution managed by trusted authority

Number: US20160013936A1
Assignee: Los Alamos National Security LLC

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution (“QKD”) are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Publication date: 15-01-2015

Authentication In Heterogeneous IP Networks

Number: US20150016609A1
Assignee: Nokia Oyj

The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Publication date: 19-01-2017

Device Key Security

Number: US20170019254A1
Author: Nicholas Bone, Tim Snape
Assignee: Vodafone IP Licensing Ltd

A device, method or server having memory configured to store cryptographic material required to execute one or more device functions. A communications interface for communicating over a network. Logic configured to receive from the server over the communications interface the cryptographic material required to execute the one or more device functions. The device is configured to delete the cryptographic material from the memory.

Publication date: 03-02-2022

SCALABLE CERTIFICATE MANAGEMENT SYSTEM ARCHITECTURES

Number: US20220038295A1
Assignee:

An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

1. A scalable certificate management system for securely providing certificates to a provisioning controller, the scalable certificate management system comprising: one or more application platforms that run a registration authority application and that are communicatively connected to one or more compute engines that perform cryptographic computations requested by the registration authority application; one or more application platforms that run a pseudonym certificate authority application and that are communicatively connected to one or more compute engines that perform cryptographic computations requested by the pseudonym certificate authority application, wherein the pseudonym certificate authority application is operable to generate and conditionally transmit digital assets to the registration authority application; and one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers being configured to ...

Publication date: 18-01-2018

Method and apparatus for storing context information in a mobile device

Number: US20180019871A1
Author: William Anthony Gage
Assignee: Huawei Technologies Co Ltd

A method and apparatus for storing and using context information in a wireless communication network are provided. Context information is encrypted and transmitted to a mobile device for storage. A cryptographic key usable for decrypting the context information is stored at a radio access node or other node in the network and an indication of the key and the location of the key is stored at the mobile device. The mobile device transmits a message which includes the key identifier and location and the encrypted context information. The message may further include application data and the encrypted context information may include an indication of a further key for encrypting and decrypting application data in transmissions between the mobile device and the communications network. The encrypted context information may include the further key.

Publication date: 03-02-2022

APPARATUS AND METHOD FOR SSP DEVICE AND SERVER TO NEGOTIATE DIGITAL CERTIFICATES

Number: US20220038894A1
Assignee:

A method of a local bundle assistant (LBA) negotiating a certificate with a secondary platform bundle manager (SPBM) in a wireless communication system including: transmitting a request message requesting information of certificates supported by a secondary secure platform (SSP) to a secondary platform bundle loader (SPBL) of the SSP; receiving the information of certificates supported by the SSP including information of certificate issuers corresponding to a family identifier from the SPBL; transmitting the information of certificates supported by the SSP to the SPBM; and receiving a certificate of the SPBM for key agreement, information of public key identifiers of certificate issuers to be used by the SSP, and information of the family identifier from the SPBM.

1. A method of a local bundle assistant (LBA) negotiating a certificate with a secondary platform bundle manager (SPBM) in a wireless communication system ... transmitting a request message requesting information of certificates supported by a secondary secure platform (SSP) to a secondary platform bundle loader (SPBL) of the SSP; receiving the information of certificates supported by the SSP including information of certificate issuers corresponding to a family identifier from the SPBL; transmitting the information of certificates supported by the SSP to the SPBM; and receiving a certificate of the SPBM for key agreement, information of public key identifiers of certificate issuers to be used by the SSP, and information of the family identifier from the SPBM, wherein the information of certificate issuers corresponding to a family identifier includes information of public key identifiers of certificate issuers that issued certificates included in a certificate chain of the SPBM and are verifiable by the SPBL, information of public key identifiers of certificate issuers that issued certificates included in a certificate chain of the SPBL and are verifiable by the SPBM, and the information of the family identifier.

Publication date: 03-02-2022

SYSTEM AND METHOD FOR SECURITY PROTECTION OF NAS MESSAGES

Number: US20220038897A1
Author: Liu Jennifer
Assignee:

Systems and methods that provide NAS security protection for mobile networks. In one embodiment, a network element of a mobile network performs a NAS procedure in multiple phases to establish a NAS communication session with User Equipment (UE) when no NAS security context exists. For a first phase, the network element receives an initial NAS message from the UE populated with a subset of NAS protocol Information Elements (IEs) designated for security-related handling, selects a NAS security algorithm for the NAS security context, and sends a response to the UE that indicates the NAS security algorithm. For a second phase, the network element receives a subsequent NAS message from the UE having a NAS message container that contains the initial NAS message populated with each of the NAS protocol IEs for the NAS procedure, and decrypts the NAS message container of the subsequent NAS message using the NAS security algorithm.

1-20. (canceled)

21. User Equipment (UE) comprising: at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the UE to initiate a Non-Access Stratum (NAS) procedure in multiple phases to establish a NAS communication session between the UE and a network element of a mobile network, constructs a first initial NAS message including a first set of NAS protocol Information Elements (IEs) that are designated for security-related handling; sends the first initial NAS message to the network element; and receives a response from the network element that includes a NAS security algorithm and security key set identifier associated with a NAS security context for use by the UE, and, wherein, in a first phase of the NAS procedure, the at least one memory and the computer program code are configured, with the at least one processor, to constructs a subsequent NAS message, the subsequent NAS message including a second ...

Publication date: 03-02-2022

WIRELESS-NETWORK ATTACK DETECTION

Number: US20220038904A1
Assignee:

In some examples, a terminal can establish wireless communication with a base station. The terminal can determine a challenge, transmit the challenge, receive a response, and determine that the response is valid. The terminal can, in response, establish a secure network tunnel to a network node. In some examples, a terminal can determine a first communication parameter associated with communication with the base station. The terminal can receive data indicating a second communication parameter via a secure network tunnel. The terminal can determine that the communication parameters do not match, and, in response, provide an indication that an attack is under way against the network terminal. Some example terminals transmit a challenge, determine a response status associated with the challenge, and determine that an attack is under way based on the response status.

1. A network terminal, comprising: a secure storage unit having stored therein a stored key; and a control unit configured to perform operations comprising: attaching to a wireless network using stored network credentials; determining a challenge; after attaching to the wireless network, transmitting the challenge to a network node via the wireless network; subsequently, determining a response status associated with the challenge; determining that an attack is under way based at least in part on the response status; providing an indication that the attack is under way in response to the determining that the attack is under way; and wherein at least: the determining the challenge is based at least in part on the stored key; or the determining that the attack is under way is based at least in part on the stored key.

2. The network terminal according to claim 1, the operations further comprising: receiving a response to the challenge via the wireless network; and determining the response status comprising the response; and wherein the determining that the attack is under way further ...

Publication date: 03-02-2022

SECURE VEHICLE TO VEHICLE PTC COMMUNICATION

Number: US20220038906A1
Assignee:

A computer-implemented method is provided that includes obtaining a first secret and a first public key, and obtaining a second secret and a second public key. The method may also include authenticating the first public key of the first vehicle based on a first private key associated with the first vehicle, and authenticating the second public key of the second vehicle based on a second private key associated with the second vehicle. The method may also include preventing a man-in-the-middle attack, by securing at least one of a first vehicle-to-central office communication, a central office-to-first vehicle communication, or a first vehicle-to-second vehicle, wherein the first vehicle-to-central office communication and the central office-to-first vehicle communication are authenticated based on a determined private key associated with a respective first vehicle on-board computer, and sending a message, with the central office server, to a vehicle associated with a conditional movement authority.

1. A computer-implemented method, comprising: obtaining, with a central office server, a first secret and a first public key; obtaining, with the central office server, a second secret and a second public key; authenticating, with the central office server, the first public key of the first vehicle based on a first private key associated with the first vehicle; authenticating, with the central office server, the second public key of the second vehicle based on a second private key associated with the second vehicle; preventing a man-in-the-middle attack, by securing at least one of a first vehicle-to-central office communication, a central office-to-first vehicle communication, or a first vehicle-to-second vehicle, wherein the first vehicle-to-central office communication and the central office-to-first vehicle communication are authenticated based on a determined private key associated with a respective first vehicle on-board computer; and sending a message, with the central office ...

Publication date: 03-02-2022

RECOVERING DEVICES FROM LIMITED SERVICE DUE TO MIS-CONFIGURATION

Number: US20220038911A1
Assignee:

Recovering a user equipment (UE) from limited service due to misconfiguration may include providing a universal subscriber identity module (USIM) identification data or a USIM authentication data to a wireless network. Failure data associated with failing to authenticate or identify the UE to the wireless network may be decoded. The failure data is received from the wireless network. The failure data may be processed to determine a cause for the failure. Based on processing the failure data, it may be determined that the USIM identification data or the USIM authentication data is misconfigured. In response to determining that the USIM identification data or the USIM authentication data is misconfigured, a recovery for identifying or authenticating the UE to the wireless network may be automatically performed.

1. A user equipment (UE), comprising: one or more processors; and a memory storing instructions that, when executed by the one or more processors, configure the UE to: provide identification data or authentication data associated with the UE to a wireless network that is retrieved from a universal subscriber identity module (USIM); decode failure data associated with failing to identify or authenticate the UE to the wireless network based on the provided identification data or authentication data, the failure data being received from the wireless network; process the failure data to determine a cause for the failure; based on processing the failure data, determine that the identification data or the authentication data is misconfigured; and in response to determining that the identification data or the authentication data is misconfigured, automatically perform a recovery for identifying or authenticating the UE to the wireless network.

2. The UE of claim 1, wherein the performed recovery comprises one of to initiate fallback to a 5G system (5GS) NULL-scheme, initiate fallback to a next priority protection scheme, or downgrade from a ...

Publication date: 03-02-2022

Methods And Systems For Managing Network Hotspots

Number: US20220039176A1
Assignee:

Disclosed are various systems and methods for monitoring and maintaining networks, such as networks associated with a wireless access point. In an aspect, a user device that was connected to the wireless access point and loses connectivity to the access point can receive network parameters for implementing a new wireless network, where the network parameters are associated with the network as implemented by the wireless access point that is no longer available. The user device can activate a new wireless hotspot mode using the received network parameters. The resulting new wireless hotspot can implement various aspects of the wireless access point and associated network. The new wireless hotspot enabled by the user device can allow other devices, previously connected to the access point, to automatically connect to the new wireless hotspot.

1. A method, comprising: determining, by a user device, that a geographic distance between the user device and a network device satisfies a threshold; enabling, by the user device, based on determining that the geographic distance between the user device and the network device satisfies the threshold, a wireless hotspot mode of the user device; and establishing, by the user device and based on the wireless hotspot mode, a network connection with a second user device previously connected to the network device.

2. The method of claim 1, wherein the wireless hotspot mode implements, as at least one network parameter of the wireless hotspot mode, at least one network parameter of a wireless network associated with the network device.

3. The method of claim 2, further comprising: determining that the geographic distance between the user device and the network device no longer satisfies the threshold; and modifying, based on determining that the geographic distance between the user device and the network device no longer satisfies the threshold, at least a portion of at least one network parameter of the wireless hotspot ...

Publication date: 03-02-2022

SMALL DATA TRANSMISSION (SDT) PROCEDURES AND FAILURE RECOVERY DURING AN INACTIVE STATE

Number: US20220039192A1
Assignee:

A computer-readable storage medium stores instructions for execution by one or more processors of a UE. The instructions configure the UE for small data transmission (SDT) in a 5G NR network and cause the UE to perform operations comprising detecting while in an RRC_Inactive state, a radio link failure during a first SDT of UL data to a base station. A secure key for a second SDT is generated based on the radio link failure. A configuration message including an indication of the second SDT is transmitted to the base station. A response message including a UL grant is received from the base station. The UL data is encoded for the second SDT using the secure key. The second SDT is performed using the UL grant while the UE is in the RRC_Inactive state.

1. An apparatus for a user equipment (UE) configured for operation in a Fifth Generation New Radio (5G NR) network, the apparatus comprising: processing circuitry, wherein to configure the UE for small data transmission (SDT) in the 5G NR network, the processing circuitry is to: detect while in a Radio Resource Control Inactive (RRC_Inactive) state, a radio link failure during a first SDT of uplink (UL) data to a base station; generate a secure key for a second SDT based on the radio link failure; encode a configuration message for transmission to the base station, the configuration message including an indication of the second SDT; decode a response message from the base station, the response message including a UL grant; and encode the UL data for the second SDT, the UL data encoded using the secure key, and the second SDT performed using the UL grant while the UE is in the RRC Inactive state; and a memory coupled to the processing circuitry and configured to store the secure key.
2. The apparatus of claim 1, wherein the processing circuitry is to: decode a second configuration message received from the base station, the second configuration message including at least one next-hop chaining count (NCC) ...

Publication date: 17-01-2019

Securing an interface and a process for establishing a secure communication link

Number: US20190020643A1
Author: Gustavo TANONI
Assignee: Telefonaktiebolaget LM Ericsson AB

The disclosure relates to methods and physical and virtual nodes for securing an interface and for securing a process for establishing a secure communication link between an Application Function located in an unsecure zone and an Authentication Function. In one embodiment, the method comprises the Application Function sending an authentication request message to the Authentication Function, receiving a response to the authentication request from the Authentication Function including an authentication challenge and sending a challenge response to the Authentication Function. The method comprises, upon receiving a response indicating success from the Authentication Function, the Application Function generating a session key using secret authentication credentials and information included in the authentication challenge and the Application Function handshaking with the Authentication Function and establishing the secure communication link using the session key, thereby securing the interface between the Application Function and the Authentication Function.

Publication date: 21-01-2021

Methods providing security for multiple nas connections using separate counts and related network nodes and wireless terminals

Number: US20210022001A1
Assignee: Telefonaktiebolaget LM Ericsson AB

A first communication node may provide first and second NAS connection identifications for respective first and second NAS connections between the first and a second communication node, with the first and second NAS connection identifications being different and the first and second NAS connections being different. A first NAS message may be communicated between the first and second communication nodes over the first NAS connection, including performing integrity protection for the first NAS message using the first NAS connection identification and/or performing confidentiality protection for the first NAS message using the first NAS connection identification. A second NAS message may be communicated between the first and second communication nodes over the second NAS connection, including performing integrity protection for the second NAS message using the second NAS connection identification and/or performing confidentiality protection for the second NAS message using the second NAS connection identification.

Подробнее
24-01-2019 дата публикации

Method and device for downloading profile of operator

Номер: US20190026092A1
Автор: Linyi GAO
Принадлежит: Huawei Device Dongguan Co Ltd

Embodiments of the present invention provide a method and device for downloading a profile of an operator, where one method includes: sending, by a terminal to the SM-DP by using an SM-SR, a request for downloading a profile of an operator, where the download request carries the download certificate, an ID of an eUICC of the terminal, and addressing information of the SM-DP; and receiving, by the terminal, the profile of the operator that is sent by the SM-DP by using the SM-SR and is corresponding to the download request, and transmitting the profile of the operator to the eUICC, where the profile of the operator is obtained by the SM-DP according to an identity of the profile of the operator after the SM-DP verifies that the certificate that is for downloading the profile of the operator and is carried in the download request is valid.

Подробнее
25-01-2018 дата публикации

System and method for providing vehicle information based on personal authentication and vehicle authentication

Номер: US20180026949A1
Принадлежит: SAMSUNG ELECTRONICS CO LTD

An electronic device and method for providing vehicle information based on personal authentication and vehicle authentication are disclosed. According to various example embodiments, an electronic device includes a communication module comprising communication circuitry configured to communicate with a vehicle device and a first server and a processor electrically connected with the communication module, in which the processor is configured to receive an encrypted session key set including at least one session key from the first server, to transmit the encrypted session key set to the vehicle device, receive, from the vehicle device, second vehicle information in which first vehicle information of the vehicle device is encrypted using a first session key of the at least one session key and is signed using a secret key of the vehicle device, and to transmit, to the first server, third vehicle information in which the received second vehicle information is signed using a secret key of a user.

Подробнее
25-01-2018 дата публикации

Dynamic configuration of uplink (ul) and downlink (dl) frame resources for a time division duplex (tdd) transmission

Номер: US20180027581A1
Принадлежит: Intel IP Corp

Technology for a user equipment (UE) operable to perform adaptive time division duplexing (TDD) hybrid automatic repeat request (HARQ)-ACKnowledgement (ACK) reporting is described. The UE can implement an adaptive uplink-downlink (UL-DL) configuration received from an eNodeB. The UE can process a downlink (DL) HARQ reference configuration received from the eNodeB for a serving cell. The DL HARQ reference configuration can be for the implemented adaptive UL-DL configuration. The UE can format HARQ-ACK feedback for transmission on a physical uplink control channel (PUCCH) or physical uplink shared channel (PUSCH) of the serving cell in accordance with the DL HARQ reference configuration.

Подробнее
24-01-2019 дата публикации

Method, apparatus, and system for establishing security context

Номер: US20190028268A1
Автор: Dongmei Zhang, Jing Chen
Принадлежит: Huawei Technologies Co Ltd

Embodiments disclose a method, an apparatus, and a system for establishing a security context and relate to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

Подробнее
10-02-2022 дата публикации

TRANSMISSION OF GROUP HANDOVER MESSAGE

Номер: US20220046486A1
Принадлежит:

Methods, apparatuses, and computer readable medium for enabling an efficient group handover mechanism that has less signaling overhead than single UE handover are provided. An example method at a base station includes transmitting a group handover request for the group of UEs to a target base station. The method further includes receiving a group handover acknowledgment from the target base station. The method further includes transmitting a group handover message to the group of UEs.

1. An apparatus for wireless communication of a base station, comprising: a memory; and at least one processor coupled to the memory and configured to: transmit a group handover request for a group of user equipment (UEs) to a target base station; receive a group handover acknowledgment from the target base station; and transmit a group handover message to the group of UEs.
2. The apparatus of claim 1, wherein the base station communicates with the group of UEs via a satellite, and wherein the group handover message is transmitted to each UE in the group of UEs in a radio resource control (RRC) reconfiguration with synchronization.
3. The apparatus of claim 1, wherein the group handover message is transmitted to the group of UEs based on a cell specific common search space, and wherein at least a portion of the group handover message is scrambled with a cell specific group radio network temporary identifier (RNTI).
4. The apparatus of claim 3, wherein the at least one processor coupled to the memory is further configured to: provide a common access stratum (AS) key and group specific or default signaling radio bearer configuration to the group of UEs; wherein the base station sends new signaling radio bearer (SRB) information to the group of UEs with integrity protection and ciphering based on the common AS key and a group specific new SRB configuration.
5. The apparatus of claim 1, wherein the group handover message comprises an RRC message comprising a list of ...

Подробнее
10-02-2022 дата публикации

Communications Method and Apparatus

Номер: US20220046532A1
Принадлежит:

A terminal device obtains first slice selection assistance information, where the first slice selection assistance information is obtained by encrypting second slice selection assistance information, and the second slice selection assistance information is selection assistance information of a slice to which the terminal device is allowed to access. The terminal device sends a registration request message to an access network device, where the registration request message includes the first slice selection assistance information.

1. A communications method, comprising: obtaining, by a terminal device, first slice selection assistance information, wherein the first slice selection assistance information is obtained by encrypting second slice selection assistance information, and the second slice selection assistance information is selection assistance information of a slice to which the terminal device is allowed to access; and sending, by the terminal device, a first registration request message to an access network device, wherein the first registration request message comprises the first slice selection assistance information.
2. The method according to claim 1, wherein the obtaining, by a terminal device, first slice selection assistance information comprises: generating, by the terminal device, the first slice selection assistance information based on the second slice selection assistance information.
3. The method according to claim 2, wherein the generating, by the terminal device, the first slice selection assistance information based on the second slice selection assistance information comprises: generating, by the terminal device, the first slice selection assistance information based on the second slice selection assistance information, a first function, and a first random number (RAND).
4. The method according to claim 3, wherein before the generating, by the terminal device, the first slice selection ...

Подробнее
23-01-2020 дата публикации

Security unit for an iot device and method for running one or more applications for the secured exchange of data with one or more servers which provide web services

Номер: US20200028829A1
Автор: Rainer Falk
Принадлежит: SIEMENS AG

A security unit which is suitable for a device, in particular an IOT device, for running one or more applications for a secure data exchange with one or more servers which provide web services is provided. The security unit is designed with the following:
- means for imaging original data onto corresponding replacement data and/or vice versa, wherein the original and/or replacement data forms a respective original and/or replacement key and/or can be used to form same,
- means for detecting a replacement key which is supplied by an application being run and which corresponds to an original key, and
- means for providing a required original key which corresponds to the replacement key using the imaging means in order to allow the original key to be used for the secure data exchange with the server.

Подробнее
24-04-2014 дата публикации

Identifying a slice name information error in a dispersed storage network

Номер: US20140115387A1
Принадлежит: Cleversafe Inc

A method begins by a processing module sending list digest requests to a set of dispersed storage (DS) units. The method continues with the processing module receiving list digest responses from at least some of the set of DS units and determining whether an inconsistency exists between first and second list digest responses of the list digest responses. The method continues with the processing module requesting at least a portion of each of the slice name information lists from first and second DS units of the set of DS units and identifying a slice name information error associated with the inconsistency based on the at least a portion of each of the slices name information lists of the first and second DS units when the inconsistency exists between first and second list digest responses of the list digest responses.

Подробнее
17-02-2022 дата публикации

AUTHENTICATION OF INTERNET OF THINGS DEVICES, INCLUDING ELECTRONIC LOCKS

Номер: US20220051498A1
Принадлежит:

Methods and systems for authenticating an Internet of Things device, such as an electronic lock, are disclosed. One method includes generating a first challenge at a server; transmitting the first challenge to the Internet of Things device; receiving a first signed certificate from the Internet of Things device, the first signed certificate being the first random number challenge signed with a private key associated with the internet of things device; and verifying the first signed certificate with the first challenge and a public key associated with the Internet of Things device. Mutual authentication of the server from the Internet of Things device is also provided.

1. A method of authenticating an Internet of Things device comprising: generating a first challenge at a server; transmitting the first challenge to the Internet of Things device; receiving a first response from the Internet of Things device; and verifying the first response with the first challenge and a public key associated with the Internet of Things device.
2. The method of claim 1, further comprising: receiving a second challenge from the Internet of Things device; responding to the second challenge to produce a second response; transmitting the second response to the Internet of Things device; and receiving confirmation of authentication from the Internet of Things device.
3. The method of claim 1, wherein the Internet of Things device is an electronic lock.
4. The method of claim 1, wherein the transmitting occurs via a mobile device in data communication with both the Internet of Things device and the server.
5. The method of claim 4, wherein the mobile device is in data communication with the Internet of Things device via a Bluetooth connection.
6. The method of claim 4, wherein the mobile device is in data communication with the server via a Wi-Fi connection.
7. The method of claim 1, wherein the transmitting occurs directly between the Internet of Things device and the server via a wireless network ...

Подробнее
17-02-2022 дата публикации

INFORMATION OBTAINING METHOD AND APPARATUS

Номер: US20220053325A1
Автор: Hu Li, Li He
Принадлежит:

This application provides an information obtaining method and an apparatus. The method includes: sending a first initial NAS message including a non-cleartext information element protected using a first root key from a terminal to a source mobility management network element; receiving a second root key and first indication information from the source mobility management network element, where the first indication information indicates that the second root key is an updated key; sending second indication information and third indication information to the terminal based on the first indication information, where the second indication information indicates the terminal to update the first root key stored by the terminal to obtain the second root key, and the third indication information indicates the terminal to resend the initial NAS message; receiving a second initial NAS message including the non-cleartext information element protected using the second root key from the terminal.

1. A communication system, comprising: a target mobility management network element, configured to: receive a first initial non-access stratum (NAS) message from a terminal, wherein the first initial NAS message comprises a non-cleartext information element that is security protected by using a first root key; and send the first initial NAS message to a source mobility management network element; and the source mobility management network element, configured to: after performing an integrity check on the first initial NAS message, update the first root key stored by the source mobility management network element, to generate a second root key; and send first indication information and the second root key to the target mobility management network element, wherein the first indication information is used to indicate that the second root key is a root key obtained after the first root key is updated, wherein the target mobility management network element is further configured to send second ...

Подробнее
17-02-2022 дата публикации

COMMUNICATION METHOD AND APPARATUS

Номер: US20220053326A1
Принадлежит:

This application provides a communication method and apparatus, and relates to the field of communication technologies. The method may include: A network device performs integrity protection on system information by using a first private key, and sends the system information, where the system information includes a first public key corresponding to the first private key and/or an index of the first public key. Correspondingly, a terminal device receives the system information from the network device, and if determining that the first public key is valid, the terminal device verifies integrity of the system information by using the first public key. According to this method, on one hand, the terminal device can effectively identify validity of the system information. On the other hand, because the system information includes the first public key and/or the index of the first public key, flexible update of an asymmetric key can be implemented.

1. A communication apparatus, wherein the apparatus comprises a processor, the processor is coupled to a memory, and the memory is configured to store instructions; and when the instructions are run by the processor, the apparatus is enabled to perform: receiving first system information from a first network device, wherein the first system information comprises at least one of: a first public key and an index of the first public key; and if determining that the first public key is valid, verifying integrity of the first system information by using the first public key.
2. The apparatus according to claim 1, wherein integrity protection is performed on the first system information based on a first private key corresponding to the first public key.
3. The apparatus according to claim 1, wherein the determining that the first public key is valid comprises: receiving public key information, wherein the public key information comprises at least one public key; and if the at least one public key comprises the first public key, ...

Подробнее
17-02-2022 дата публикации

PDCP AND ROHC HANDLING FOR MULTI-CONNECTIVITY HANDOVER

Номер: US20220053389A1
Принадлежит:

Techniques to configure a user equipment (UE) for a multi-connectivity handover with a source base station (SBS) and a target base station (TBS) include encoding a measurement report for transmission to the SBS. The measurement report is triggered based on a measurement event configured by the SBS. Radio resource control (RRC) signaling from the SBS is decoded, the RRC signaling including a handover command in response to the measurement report. The handover command includes an indication for multi-connectivity support by the SBS and the TBS during the handover. A first protocol stack associated with the SBS and a second protocol stack associated with the TBS are configured at the UE. A packet data convergence protocol (PDCP) protocol data unit (PDU) received at the UE during the handover is processed using the first protocol stack or the second protocol stack.

1. An apparatus, comprising: a processor configured to cause a user equipment device (UE) to, in association with a multi-connectivity handover with a source base station (SBS) and a target base station (TBS): transmit a measurement report to the SBS, the measurement report triggered based on a measurement event configured by the SBS; receive radio resource control (RRC) signaling from the SBS, the RRC signaling including a handover command, the handover command including an indication for multi-connectivity support during the handover; configure a first protocol stack associated with the SBS and a second protocol stack associated with the TBS; and process a packet data convergence protocol (PDCP) protocol data unit (PDU) received at the UE during the handover, using the first protocol stack or the second protocol stack.
2. The apparatus of claim 1, wherein the processor is further configured to cause the UE to perform one of the following: process the PDCP PDU using the first protocol stack, based on detecting the PDCP PDU originates from the SBS; or process the PDCP PDU using the second protocol stack, based on ...

Подробнее
17-02-2022 дата публикации

CONTEXT PREPARATION FOR CONSECUTIVE CONDITIONAL HANDOVERS

Номер: US20220053399A1
Принадлежит:

A method includes determining, by a source base station, based on at least one of a measurement report received from a terminal device and a mobility trajectory of the terminal device, a prepared cell list that includes a set of cells where the terminal device is capable of handover. The method includes sending at least one required context for the handover to the set of cells in the prepared cell list. The method also includes receiving acknowledgement from the set of cells. The method further includes sending a handover complete message, which contains the prepared cell list, to the terminal device, wherein the prepared cell list provides a capability for the terminal device to make a number of handovers when the terminal device is within a coverage area of the set of cells.

1-11. (canceled)
12. A method, comprising: sending, by a terminal device, at least one measurement report to a source base station; receiving, by the terminal device and in response to the at least one measurement report, a handover command from the source base station, wherein the handover command includes a prepared cell list of a set of cells where the terminal device is capable of handover and the prepared cell list provides a capability for the terminal device to make a number of handovers in response to the terminal device being within a coverage area of the set of cells; performing, by the terminal device, synchronization and random access with at least one cell from the set of cells; and sending, by the terminal device, a handover complete message to the at least one cell.
13. The method according to claim 12, wherein the handover complete message further includes a handover history of the terminal device of one or more handovers from the source base station to reach the at least one cell.
14. The method according to claim 12, wherein each prepared cell in the prepared cells list has multiple contexts, wherein each context is based on a path for the terminal device to reach a ...

Подробнее
17-02-2022 дата публикации

Network Devices

Номер: US20220053409A1
Автор: Zinger Slav
Принадлежит:

The present disclosure is related to systems, methods, and processor readable media for distributing digital data over networks. Certain embodiments relate to systems, methods, and devices used within such networks where at least a substantial portion of the interconnected devices are capable of interacting with one or more neighbouring devices, and then to form such a time synchronous network using local network information.

1. A network system comprising a plurality of devices wherein a substantial portion of the plurality of devices are capable of one or more of the following: transmitting data and receiving data; wherein the distance between devices allows communication between at least one device and at least one other device; and wherein at least a portion of the plurality of devices comprising the network system configure themselves based on local network information.
2. The network system of claim 1, wherein the network has substantially no access points and substantially no routers; and wherein a substantial portion of the plurality of devices are synchronous in time.
3. The network system of claim 1, wherein the substantial portion of the plurality devices are synchronous in time and the network is substantially internal interference free.
4. The network system of claim 1, wherein at least one device from the plurality of devices stores previous configurations and the network build up time is one or more of the following: less than 10 minutes, less than 5 minutes, less than 1 minute, less than 30 seconds, less than 10 seconds, less than 5 seconds, less than 1 second, less than 100 msec, less than 50 msec and less than 10 msec.
5. The network system of claim 1, wherein the number of devices is N; wherein at least one device from the plurality of devices comprising the network system stores previous configurations and the network build up time is one or more of the following: less than ...

Подробнее
30-01-2020 дата публикации

Securely providing a password using an internet of things (iot) system

Номер: US20200037160A1
Принадлежит: Afero Inc

An apparatus and method are described for securely providing a User ID and/or password to an IoT device. For example, one embodiment of a method comprises: receiving at an Internet of Things (IoT) service a request from a mobile device over a first communication channel to transmit credentials for a particular online service to an IoT device, responsively encrypting the credentials to generate encrypted credentials and transmitting the encrypted credentials to the IoT device over a second communication channel, decrypting the encrypted credentials at the IoT device, and providing the credentials by the IoT device to a computer over a third communication channel, the computer causing the credentials to be provided to the online service to authenticate the user.

Подробнее
09-02-2017 дата публикации

Digital signature-over-voice for caller id verification

Номер: US20170041463A1
Автор: Alan T. Yaung, Ang Yi
Принадлежит: International Business Machines Corp

In an approach to caller ID verification by digital signature, a computing device receives authenticating information associated with a caller. The computing device creates a call record based on the authenticating information. The computing device retrieves additional information associated with the caller. The computing device updates the call record based on the additional information. The computing device retrieves a digital signature associated with the caller. The computing device retrieves public key information associated with the caller. The computing device performs a digital signature assessment based on the public key information. The computing device updates the call record based on the digital signature assessment. The computing device adds timestamp information to the call record. The computing device receives a request from a call recipient device. The computing device communicates information based on the call record to the call recipient device. The computing device marks the call record as expired.

Подробнее
09-02-2017 дата публикации

Method and system for secure transmission of small data of MTC device group

Номер: US20170041782A1
Автор: Wantao Yu
Принадлежит: ZTE Corp

Disclosed is a method for secure transmission of small data of a machine type communication (MTC) device group, comprising a process wherein an MTC device and an MTC-Interworking Function (MTC-IWF) generate a shared key KIWF on the basis of a GBA procedure, the MTC device and a bootstrapping server (BSF) performing AKA authentication: a home subscriber server (HSS) determines whether the MTC device belongs to the MTC device group and whether said device has small data transmission and reception capabilities; if said device belongs to said group and has said capabilities, an AKA authentication vector generated on the basis of the MTC device group key is sent to said BSF; the BSF carries out AKA authentication with the MTC device on the basis of the received AKA authentication vector. Also disclosed is a system for secure transmission of small data of an MTC device group.

Подробнее
12-02-2015 дата публикации

Identifier management

Номер: US20150046590A1
Принадлежит: Hewlett Packard Development Co LP

A method for managing identifiers can include receiving, in an identifier management system, a request for an identifier in a computing system. The method can also include verifying availability of the identifier. The method can further include returning an affirmative response to a requesting party.

Подробнее
24-02-2022 дата публикации

Communication Method and Communications Apparatus

Номер: US20220060888A1
Автор: Hu Li, Li He, Wu Rong
Принадлежит:

A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data. 1. A communications system , comprising: receive a radio resource control (RRC) resume request from a user equipment (UE), wherein the RRC resume request comprises an inactive-radio network temporary identifier (I-RNTI); and', 'send a context information obtaining request comprising the I-RNTI; and, 'a target access network device configured to receive the context information obtaining request from the target access network device;', 'obtain first indication information based on the I-RNTI, wherein the first indication information indicates a user plane security protection method used before the source access network device and the UE enter an inactive state from a connected state, and wherein the user plane security protection method indicates whether at least one of user plane encryption protection or user plane integrity protection is enabled; and', 'send a context information obtaining response to the target access network device, wherein the context information obtaining response comprises the first indication information,, 'a source access network device configured to receive the context information obtaining response from the source access network device; and', 'activate, using the user plane ...

Publication date: 24-02-2022

APPARATUS, SYSTEM AND METHOD FOR SCE

Number: US20220060890A1
Assignee: NEC Corporation

In order to support separate ciphering at an MeNB and an SeNB, the MeNB derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB and a UE. The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE and the SeNB. The MeNB sends the second key (KUPenc-S) to the SeNB. The UE negotiates with the MeNB, and derives the second key (KUPenc-S) based on a result of the negotiation.

1. A communication method of a base station for dual connectivity (DC), the method comprising: the base station receiving, from another base station, a first key for the DC; deriving a user plane (UP) key for protecting UP traffic between the base station and a user equipment (UE), the base station also obtaining a second key based on the first key; and confidentially protecting the UP traffic between the UE and the base station by using the UP key.
2. The communication method according to claim 1, wherein the base station is a secondary base station and the another base station is a master base station.
3. The communication method according to claim 1, wherein the another base station derives the first key from a third key.
4. The communication method according to claim 1, wherein the UE controls deletion of the UP key that is derived by the UE.
5. The communication method according to claim 1, wherein the UE performs control for Packet Data Convergence Protocol (PDCP) COUNT.
6. A base station for dual connectivity (DC), the base station comprising: at least one processor; and at least one memory coupled to the at least one processor, the memory storing instructions that when executed by the processor cause the at least one processor to: receive a first key for the DC from ...

Publication date: 24-02-2022

Asymmetric key exchange between user equipment using sip

Number: US20220060891A1
Author: Adrian T. Synal
Assignee: T Mobile USA Inc

A carrier network may provide for asymmetric key exchange for end to end encryption between user equipment utilizing capability upload and discovery messages of the carrier network. For example, a carrier network may receive a capability upload message from a first user equipment. The carrier network may determine that the capability upload message includes a key bundle for end to end (E2E) encryption of communications. In response, the carrier network may store the key bundle in a key distribution center (KDC). The carrier network may also receive, from a second user equipment, a capability discovery message requesting capability information for the first user equipment. In response, the carrier network may request and receive the key bundle from the KDC and transmit the key bundle to the second user equipment.

Publication date: 24-02-2022

METHOD AND APPARATUS FOR MANAGING AND VERIFYING CERTIFICATE

Number: US20220060900A1
Assignee:

A method of managing and verifying a certificate of a terminal is provided. The method includes obtaining certificate information that is usable when downloading and installing a specific bundle corresponding to at least one of a secondary platform bundle family identifier or a secondary platform bundle family custodian identifier, transmitting, to a secondary platform bundle manager, the certificate information corresponding to the at least one of the secondary platform bundle family identifier or the secondary platform bundle family custodian identifier of the specific bundle, and receiving, from the secondary platform bundle manager, at least one of a certificate of the secondary platform bundle manager, certificate information to be used by a smart secure platform (SSP), the secondary platform bundle family identifier, or the secondary platform bundle family custodian identifier.

1. A method of a smart secure platform (SSP) in a terminal verifying certificate in a wireless communication system, the method comprising: receiving, from a local bundle assistant (LBA), an SSP credential request including an SPBM credential, wherein the SPBM credential includes secondary platform bundle family identifier (SPB Family ID), secondary platform bundle family custodian object identifier (SPB Family Custodian Object ID) and a first secondary platform bundle manager (SPBM) certificate for key agreement, and wherein the first SPBM certificate for the key agreement includes a public key for key agreement of a SPBM; verifying the first SPBM certificate based on the SPB Family ID and the SPB Family Custodian Object ID; generating an ephemeral key pair of a SSP ephemeral public key and a SSP ephemeral secret key; generating a first session key based on the SSP secret public key and the public key for key agreement of the SPBM; generating the SSP credential based on the first session key; and transmitting, to the LBA, the generated SSP credential, wherein the SPB Family ID represents an ...

Publication date: 24-02-2022

METHOD FOR THE AUTOMATIC CONFIGURATION BY AUDIO CHANNEL OF A WIRELESS DEVICE

Number: US20220060972A1
Author: TOCHE Clément
Assignee: SAGEMCOM BROADBAND SAS

A method for automatically configuring a new electronic device for connecting to a wireless access point of a communication network; initially the audio channel for communication between the new electronic device and one or more electronic devices already connected to the network is established; secondly, the configuration parameters for connecting to the wireless access point are transmitted by this audio channel to the new electronic device, the latter then being able to configure itself correctly in order to connect to the wireless access point of the network.

2. The method according to claim 1, the steps of the method being performed by the same electronic device adapted for receiving and sending an audio message.
3. The method according to claim 1, the first electronic device comprising a first network module adapted for connecting to the communication network and a second network module adapted for connecting to a fourth electronic device, the fourth electronic device comprising an audio transmitter and/or an audio receiver, the first electronic device is adapted for, once connected to the fourth electronic device, sending and/or receiving an audio message via the fourth electronic device.
4. A method for automatically configuring an electronic device to connect to a wireless access point of a communication network, the electronic device comprising a radio module, adapted for connecting to the wireless access point of the communication network, and being adapted for receiving and sending an audio signal, the method comprising the following steps performed by the electronic device: sending a first audio message comprising a first predetermined keyword, receiving a second audio message, determining whether this audio message corresponds to a second predetermined keyword, if so, then sending a third audio message comprising a third predetermined keyword, and receiving a fourth audio message ...

Publication date: 18-02-2021

First Network Node, Second Network Node, Wireless Device and Methods Therein for Handling Broadcast Information

Number: US20210050925A1
Assignee: Telefonaktiebolaget LM Ericsson AB

A method for handling broadcast information is described. A first network node (111) operating in a wireless communications network (100) determines (403) one or more decryption keys (K1, K2, K3) to be provided to a wireless device (131) in the wireless communications network (100). The decryption keys enable the wireless device (131) to decrypt information to be broadcasted by a second network node (112) in the wireless communications network (100). The information comprises a plurality of subsets of positioning information. Each of the subsets is to be, or is, encrypted with a different encryption key based on a respective type of subscription for wireless devices (131, 132, 133) in the wireless communications network (100). The determined decryption keys are based on at least one type of subscription of the wireless device (131). The first network node (111) then initiates (404) providing the determined to the wireless device (131).

Publication date: 16-02-2017

Cryptographic Device with Detachable Data Planes

Number: US20170048214A1
Assignee: L3 Communications Corp

A system for performing encryption and/or decryption may include a parent cryptographic device. The parent cryptographic device may be configured to receive a first cryptographic key. The parent cryptographic device may be configured to determine one or more session keys based on the first cryptographic key and/or internally generated random data bits. The parent cryptographic device may be configured to insert the one or more session keys onto one or more child cryptographic devices that are operably connected to the parent cryptographic device. The one or more child cryptographic devices may be configured to receive the one or more session keys from the parent cryptographic device, and perform one or more of encryption or decryption of communications exchanged with another child cryptographic device of the one or more child cryptographic devices. The one or more child cryptographic devices may perform encryption/decryption after separation from the parent cryptographic device.

Publication date: 25-02-2021

Location-aware beacon scanning and authentication for secure lock control and other iot applications

Number: US20210056786A1
Assignee: T Mobile USA Inc

Systems and methods for location-aware scanning of an IoT beacon by a mobile device, and the authentication of the mobile device, are disclosed herein. The system detects when the mobile device is within a geofenced region associated with the IoT beacon and enables the scanning by the mobile device for signals from the beacon. Using the beacon signals received by the mobile device, the system detects when the mobile device and IoT beacon are sufficiently near one another. Once the mobile device and IoT beacon are sufficiently near each other, the system authenticates control of the mobile device over the IoT beacon by verifying an authentication key transmitted to a server.

Publication date: 26-02-2015

Methods and Apparatuses for Avoiding Damage in Network Attacks

Number: US20150058980A1
Assignee: Telefonaktiebolaget LM Ericsson AB

Methods and apparatuses in a client terminal and a web server for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.

Publication date: 10-03-2022

METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR SECURE TWO-FACTOR AUTHENTICATION

Number: US20220078184A1
Assignee:

Various methods are provided for secure two-factor authentication, and more specifically, for incorporating a layer of security to two-factor authentication using Short Message Service in a manner virtually transparent to the end-user. Methods may include receiving a request for registration for two-factor authentication from a client including a username and password; providing a request for a mobile device number; receiving the mobile device number and a pre-shared key; sending to a mobile device an identity of the client and a server key share; receiving from the mobile device a mobile device key share; sending information corresponding to an exchange with the mobile device and a challenge derived from the pre-shared key to the client in response to the device key share corresponding to the server key share; receiving confirmation of registration with the mobile device; and establishing a shared key in response to verification of the confirmation.

1. An apparatus comprising at least one processor and at least one non-transitory memory including computer program code instructions, the computer program code instructions configured to, when executed, cause the apparatus to at least: receive a request for registration for two-factor authentication from a client; receive a username and password; provide a request for a mobile device number in response to the username and password corresponding to an account; receive the mobile device number and a pre-shared key; send, to a mobile device corresponding to the mobile device number, an identity of the client and a server key share; receive, from the mobile device, a device key share; send information corresponding to an exchange with the mobile device and a challenge derived from the pre-shared key to the client in response to the device key share corresponding to the server key share; receive, from the client, confirmation of registration with the mobile device; and establish a shared key in response to verification of the ...

Publication date: 21-02-2019

System and method for nfc peer-to-peer authentication and secure data transfer

Number: US20190059122A1
Assignee: Schlage Lock Co LLC

A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.

Publication date: 10-03-2022

METHOD AND APPARATUS FOR DISCUSSING DIGITAL CERTIFICATE BY ESIM TERMINAL AND SERVER

Number: US20220078616A1
Assignee:

The present disclosure relates to a communication technique for convergence of IoT technology and a 5G communication system for supporting a higher data transfer rate beyond a 4G system, and a system therefor. The present disclosure can be applied to intelligent services (e.g., smart homes, smart buildings, smart cities, smart or connected cars, health care, digital education, retail business, and services associated with security and safety) on the basis of 5G communication technology and IoT-related technology. Disclosed are a method and an apparatus for securely providing a profile to a terminal in a communication system.

1. A method performed by a terminal including a universal integrated circuit card (UICC) in a wireless communication system, the method comprising: obtaining a certificate issuer (CI) public key identifier; obtaining, from the UICC, UICC information including a list of public key identifiers supported by the UICC; in case that a public key identifier for an authentication is restricted to the CI public key identifier, modifying the list by removing at least one public key identifier not matched with the CI public key identifier from the list of the public key identifiers supported by the UICC; and transmitting, to a server, a message for initiating the authentication, the message including the modified list.
2. The method of claim 1, wherein modifying the list further comprises: comparing the CI public key identifier with the list included in the UICC information.
3. The method of claim 1, wherein the CI public key identifier is obtained by any one of: receiving a user input with respect to the terminal, retrieving information stored in the UICC, receiving an activation code, or receiving a command code.
4. The method of claim 1, further comprising receiving, from the server, another message in response to the message, wherein the other message includes a CI public key identifier to be used by the ...

Publication date: 20-02-2020

Methods supporting authentication in wireless communication networks and related network nodes and wireless terminals

Number: US20200059783A1
Author: Monica Wifvesson
Assignee: Telefonaktiebolaget LM Ericsson AB

Some methods in a wireless communication network may include providing a first authentication key, and deriving a second authentication key based on the first authentication key, with the second authentication key being associated with the wireless terminal. Responsive to deriving the second authentication key, a key response message may be transmitted including the second authentication key and/or an EAP-Finish/Re-auth message. Some other methods in a wireless communication network may include receiving a key response message including a core network mobility management authentication key and an EAP-Finish/Re-auth message. Responsive to receiving the key response message, the network may initiate transmission of an EAP-Finish/Re-auth message and/or a freshness parameter used to derive the core network mobility management authentication key from the wireless communication network to the wireless terminal responsive to the key response message. Related wireless terminal methods are also discussed.

Publication date: 02-03-2017

Method, Apparatus, and Device for Managing Authentication Data of STA

Number: US20170063828A1
Author: Dongming Zhou
Assignee: Huawei Technologies Co Ltd

A method, an apparatus, and a device for managing authentication data of a station (STA), where the method includes determining, by a first wireless local area network (WLAN) controller, that a first access point (AP) is an edge AP when a first STA associates with the first AP, where the edge AP is an AP neighboring to another AP, and the other AP and the edge AP are respectively managed by different WLAN controllers, and sending, by the first WLAN controller, authentication data of the first STA to at least one WLAN controller in order to resolve a problem that system performance is affected because relatively much signaling is required by processing when a WLAN controller synchronizes authentication data of a STA when the STA associates with an AP.

Publication date: 04-03-2021

5g broadcast/multicast security

Number: US20210067958A1
Assignee: Qualcomm Inc

A user equipment (UE) may receive a quality of service (QoS) flow for a multicast or broadcast service that is secured with a multicast-broadcast key. The UE may transmit a data session establishment request to a service management function (SMF) for the multicast or broadcast service. The UE may receive at least one multicast-broadcast key for the PDU session. The UE may determine a radio bearer (RB) configuration for the multicast or broadcast service. The UE may receive one or more QoS flow packets for the multicast or broadcast service over the RB. The UE may decode the one or more QoS flow packets using the at least one multicast-broadcast key, or a key derived from the at least one multicast-broadcast key. Decoding may include decrypting, verifying the integrity, or a combination thereof.

Publication date: 12-03-2015

Power Management and Security for Wireless Modules in "Machine-to-Machine" Communications

Number: US20150071139A1
Author: John A. Nix
Assignee: Individual

Methods and systems are provided for power management and security for wireless modules in “Machine-to-Machine” communications. A wireless module operating in a wireless network and with access to the Internet can efficiently and securely communicate with a server. The wireless network can be a public land mobile network (PLMN) or a wireless local area network (LAN). The wireless module may include a sensor and may be installed next to a monitored unit. The wireless module may utilize active states for collecting and sending data, and sleep states at other times to conserve a battery and/or energy usage. The wireless module minimizes the time spent in a radio resource control (RRC) connected state. Messages between the wireless module and server can be transmitted according to a user datagram protocol (UDP). The wireless module and server can utilize public key infrastructure (PKI) for encryption and digital signatures.

Publication date: 17-03-2022

Terminal Device, Access Point, Communication Device, And Computer Programs Therefor

Number: US20220083293A1
Author: Tsuji Ryoya
Assignee:

A terminal device (e.g., a smartphone) may use a private key to generate a first configuration object used for establishing a first wireless connection between the terminal device and an access point. The terminal device may also use the private key to generate a second configuration object used for establishing a second wireless connection between a communication device (e.g., a printer) and the access point. The terminal device may then transmit specific data (e.g., print data) to the communication device via the access point.

1. One or more non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause a terminal device to: obtain a first public key of a communication device; send, to the communication device via a wireless interface of the terminal device, a first authentication request generated using the first public key; receive, from the communication device via the wireless interface, a first authentication response responsive to the first authentication request; after the first authentication response is received from the communication device, generate second connection information for establishing a second wireless connection between the communication device and an external device different from the communication device; send the second connection information to the communication device via the wireless interface; after sending the second connection information to the communication device, send a query request to the communication device via the wireless interface; and after sending the query request to the communication device, receive, from the communication device via the wireless interface, a query response responsive to the query request, in a case where the communication device establishes the second wireless connection with the external device using the second connection information.
2. The one or more non-transitory computer-readable media as in claim 1, wherein the terminal device comprises a memory ...

Publication date: 29-05-2014

Mobile station, base station, communication system, display control method, communication control method, and program

Number: US20140146737A1
Assignee: Sharp Corp

A mobile station is provided to which multimedia broadcast/multicast service can be applied also during carrier aggregation. A mobile station communicates with a base station by carrier aggregation using a plurality of component carriers having different frequency bands. The mobile station receives contents in MBMS from the base station using at least two component carriers of a plurality of component carriers. The mobile station causes a display to display the received contents.

Publication date: 12-03-2015

Bluetooth low energy (ble) pre-check in

Number: US20150073980A1
Assignee: eBay Inc

One or more Bluetooth® low energy (BLE) beacons in communication with a remote server that provides check in capabilities and payment capabilities may be installed at a location. The BLE beacons may connect with a user's mobile device when the user enters the location and allow the user to check in to the location and authorize payments to be made at the location. Once the user is checked in to the location, the user may be provided with additional functionality, benefits, offers, and applications related to the location and facilitated by the check in. Further, the user may be pre-checked in to a next location when the user is at a current location.

Publication date: 17-03-2022

Method for release of use and function release device therefor

Number: US20220086631A1
Assignee:

A method is described for the release of use of functions of at least one local data receiving unit for a user by means of a central data processing unit and the at least one selected local data receiving unit. The local data receiving unit is configured to receive an encrypted release dataset from a user and to release use if at least one security feature contained in the release dataset in each case matches a corresponding release criterion stored in the local data receiving unit. The method comprises the following steps:

1-23. (canceled)
24. A method for the release of use of functions of at least one local data receiving unit for a user by a central data processing unit and the at least one selected local data receiving unit, wherein the at least one local data receiving unit is configured to receive an encrypted release dataset from a user and to release use if at least one release criterion contained in the release dataset in each case matches a corresponding release criterion stored in the at least one local data receiving unit, comprising: a) generating the encrypted release dataset through encryption of the at least one release criterion by the central data processing unit with a release key known to the central data processing unit and to the at least one local data receiving unit and with an individual security feature of the user known to the central data processing unit; b) transmitting the encrypted release dataset from the central data processing unit to a mobile terminal device; c) transmitting the release dataset from the mobile terminal device to the at least one local data receiving unit together with an individual security feature of the user; d) decrypting the release dataset which is encrypted with the combination of the release key and the individual security feature in the at least one local data receiving unit to produce a decrypted release dataset; and e) releasing the use of a function on successful verification of the release ...

Publication date: 17-03-2022

Device agnostic remote esim provisioning

Number: US20220086633A1
Assignee: Motorola Solutions Inc

Systems and methods for device agnostic remote eSIM provisioning. One example method includes detecting, with an electronic processor, a provisioning trigger event. The method includes, responsive to detecting the provisioning trigger event, transmitting, via a transceiver, a provisioning request to a mobile device management server, the provisioning request including a device identifier and an identifier for an integrated circuit card of the wireless communication device. The method includes receiving, from the mobile device management server, an activation code. The method includes transmitting, to the integrated circuit card, a provisioning command based on the activation code.

Publication date: 17-03-2022

IDENTITY-BASED MESSAGE INTEGRITY PROTECTION AND VERIFICATION FOR WIRELESS COMMUNICATION

Number: US20220086642A1
Assignee:

Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PK derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PK of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SK obtained from the PKG server, which generates the identity-based private key SK using (i) the ID value of the network entity and (ii) a private key SK that is known only by the PKG server and corresponds to the public key PK.

1. A method for protecting message integrity, the method comprising: by a network entity: sending a request to a private key generator (PKG) server, the request including a first identity value (ID1) for the network entity; receiving from the PKG server a response that includes a first private key (SK_ID1) that is based on ID1 and on a private key of the PKG server (SK_PKG); and prior to establishing a security context with a user equipment (UE): generating a signature for a first message, the signature based on SK_ID1; and sending the first message concatenated with the signature to the UE.
2. The method of claim 1, further comprising: by the network entity: providing ID1 to the UE before sending the first message, wherein the UE verifies the first message using a first public key (PK_ID1) that corresponds to SK_ID1.
3. The method of claim 2, wherein the UE generates PK using ID ...

Publication date: 17-03-2022

METHODS, NETWORK NODE AND WIRELESS DEVICE FOR VERIFICATION OF BROADCAST MESSAGES

Number: US20220086644A1
Assignee:

Embodiments herein relate to a method performed by a network node for enabling verification of a broadcast message transmitted from the network node to a wireless device. The network node signals a first public key, to the wireless device, using a secure connection. The network node further transmits a first broadcast message protected by a signature. The signature is generated from at least a protected part of the first broadcast message using a first private key, the first private key being associated with the first public key. Thereby, the broadcast message can be verified by the wireless device using the distributed first public key, thus preventing fake broadcast messages to be accepted by the device.

1. A method performed by a network node for enabling verification of a broadcast message transmitted from the network node to a wireless device, which network node and wireless device operate in a wireless communication network, the method comprising: signaling a first public key, to the wireless device using a secure connection; and transmitting a first broadcast message protected by a signature, the signature being generated from at least a protected part of the first broadcast message using a first private key, the first private key being associated with the first public key.
2. The method according to claim 1, wherein the protected part of the first broadcast message comprises a second public key, the method further comprising: transmitting a second broadcast message, wherein the second broadcast message is at least partly signed using a second private key, the second private key being associated with the second public key.
3. The method according to claim 2, wherein a protected part of the second broadcast message comprises a third public key.
4. A method performed by a wireless device for verifying a broadcast message transmitted from a network node to the wireless device, which network node and wireless device operate in a ...

Publication date: 17-03-2022

Communication Method And Device In Wireless Local Area Network

Number: US20220086722A1
Author: Gan Ming, LIANG Dandan
Assignee:

This application provides a communication method and device in a wireless local area network. The communication method includes: A receive end receives indication information from a transmit end, where a buffer of the receive end stores a log-likelihood ratio (LLR) corresponding to coded bits in an aggregated media access control protocol data unit (A-MPDU) subframe including a target media access control protocol data unit (MPDU). The receive end discards the LLR corresponding to the coded bits in the A-MPDU subframe including the target MPDU according to the indication information. According to the technical solutions provided in this application, the LLR corresponding to the coded bits in the buffer of the receive end can be discarded in time, thereby improving throughput of a system and reducing memory requirements.

1. A key configuration method, comprising: receiving, by a target mobility management entity, a first message sent by a source mobility management entity, wherein the first message comprises first bearer information of a terminal device in a source network; determining, by the target mobility management entity, first information based on the first bearer information, wherein the first information is used to indicate a security protection mode of first bearer data in a target network; and sending, by the target mobility management entity, the first information to the source mobility management entity.
2. The method according to claim 1, wherein the first information comprises any one of the following information: non-access stratum NAS protection indication information, access stratum AS protection indication information, and user plane function entity UPF protection indication information; and the UPF protection indication information is used to indicate that the first bearer data in the target network uses a security protection mechanism between the terminal device and a user plane function entity.
3. The method according to claim 1, wherein the method ...

Publication date: 11-03-2021

Autonomous vehicle authentication key delivery

Number: US20210073363A1
Assignee: FORD GLOBAL TECHNOLOGIES LLC

A server includes one or more processors programmed to: responsive to receiving, from a mobile device of a user, a hailing request that identifies the user as requesting to schedule a ride, select a vehicle to respond to the hailing request based on a capacity to accept an encryption key of the vehicle, the hailing request including a user profile; generate an encryption key to authenticate the mobile device of the user with the vehicle; and send the encryption key to both the vehicle and the mobile device to schedule the ride.

Publication date: 28-02-2019

Cloud enrollment initiation via separate device

Number: US20190069178A1
Assignee: General Electric Co

Systems and methods for initiating enrollment of a local device in a cloud environment using a separate device are presented. In an example embodiment, a device identifier for the local device is received from the local device by a separate device that is trusted by a cloud computing system. The separate device causes the displaying of an indicator for the local device. In response to receiving an activation of the indicator for the local device, the separate device issues a request to the cloud computing system to receive credential information enabling the local device to enroll with the cloud computing system. The separate device receives the credential information from the cloud computing system and transmits the credential information to the local device.

Publication date: 11-03-2021

Operation related to user equipment using secret identifier

Number: US20210075778A1
Assignee: Telefonaktiebolaget LM Ericsson AB

A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.

Publication date: 15-03-2018

Seamless handover between devices

Number: US20180077620A1
Author: Amer Hassan
Assignee: Microsoft Technology Licensing LLC

A method and apparatus in a wireless network that allows a first device and second device to perform handover of a session, between the first device and a third device, to the second device is disclosed. The first device and the second device exchange information to enable the handover of the session from the first device to the second device. The second device may then continue the session by communicating with the third device in place of the first device. The handover of the session may be triggered by a user of the first device, triggered by a user of the second device, or automatically initiated upon the occurrence of certain other trigger events. The first and second devices may be devices such as first and second mobile devices operating in a WLAN. The third device may be an access point device of the WLAN.

Publication date: 24-03-2022

KEY REVOCATION FOR THE AKMA FEATURE IN 5G

Number: US20220095104A1
Assignee:

A method performed by an Authentication and Key Management for Applications security anchor function (AAnF) includes determining that an anchor key associated with a user equipment (UE) is no longer valid and sending, to at least one Authentication and Key Management for Applications application function (AKMA AF) a message that revokes the anchor key.

1. A method performed by an Authentication and Key Management for Applications security anchor function, AAnF, the method comprising: determining that an anchor key associated with a user equipment, UE, is no longer valid; and sending, to at least one Authentication and Key Management for Applications application function, AKMA AF, a message that revokes the anchor key, the message comprising an application key identifier for revoking at least one application key based on the message indicating that the anchor key is no longer valid.
2. The method of claim 1, wherein the AKMA AF comprises an interface that communicates with the UE.
3. The method of claim 1, further comprising maintaining a list of AKMA AFs for the UE, wherein the AAnF uses the list to determine the at least one AKMA AF to which to send the message revoking the anchor key.
4. (canceled)
5. The method of claim 1, wherein determining that the anchor key associated with the UE is no longer valid comprises determining that the anchor key has been compromised.
6. The method of claim 1, wherein determining that the anchor key associated with the UE is no longer valid comprises determining that the UE is not authenticated anymore.
7. The method of claim 1, wherein the message is transmitted over an integrity protected connection.
8. The method of claim 1, further comprising receiving, from the AKMA AF, a response message indicating successful reception of the message.
9. The method of claim 1, further comprising receiving, from the AKMA AF, a response message indicating unsuccessful reception of the message.
1018.-. ...

Publication date: 18-03-2021

SYSTEMS AND METHODS FOR MANAGING AN ITEM

Number: US20210082211A1

A method is provided to manage an item connected to an Internet of Things (IoT) platform via an object. The method may include receiving, on the IoT platform, a request for an action relating to the item from a user terminal. The method may include generating a first instruction for processing the action relating to the item in response to the request. The method may include providing, from the IoT platform, the first instruction to the object and/or the user terminal. The method may include receiving, on the IoT platform, feedback information regarding the item upon completion of the action relating to the item in accordance with the first instruction. The method may further include generating, based on the feedback information, a second instruction for triggering, based on the completion of the action, an operation mode of the object.

1. A method for controlling a telematics box (Tbox) of a vehicle connected to a vehicle management platform configured to provide shared use of the vehicle, comprising: receiving, on the vehicle management platform and from a user terminal, a request for an action of returning the vehicle, the request including an identifier of the Tbox of the vehicle; generating a first instruction for processing the action of returning the vehicle in response to the request; providing, from the vehicle management platform, the first instruction to the Tbox of the vehicle; receiving, on the vehicle management platform, feedback information regarding the vehicle upon completion of the action of the returning the vehicle in accordance with the first instruction; and generating, based on the feedback information, a second instruction for triggering a mode change of the Tbox from a working mode to a sleeping mode.
2. The method of claim 1, wherein the second instruction further includes a secret key, and the method further comprises: transmitting, from the vehicle management platform, the secret key to the Tbox of the vehicle.
3. The method of claim ...

Publication date: 05-03-2020

Security key generation and management method of pdcp distributed structure for supporting dual connectivity

Number: US20200076774A1
Assignee: SAMSUNG ELECTRONICS CO LTD

The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond a 4th-Generation (4G) communication system such as Long Term Evolution (LTE). A method for communicating by a user equipment with a macro cell base station and a small cell base station in a communication system is provided. The method comprises applying a first base station security key to a first communication link with the macro cell base station; generating a second base station security key to be used for a second communication link with the small cell base station based on the first base station security key; applying the second base station security key to the second communication link with the small cell base station; and communicating through at least one of the first communication link and the second communication link.
